CVE Tools
Sign in

CVE-2022-50846

mmc: via-sdmmc: fix return value check of mmc_add_host()

Published: Dec 30, 2025Updated: Dec 31, 2025 Sources: CVE List NVD BDU
NVD MITRE
5.5CVSSMEDIUM
EPSS Score
0.2%
Top 85.3%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

In the Linux kernel, the following vulnerability has been resolved: mmc: via-sdmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmc_alloc_host() is leaked. 2. In the remove() path, mmc_remove_host() will be called to delete device, but it's not added yet, it will lead a kernel crash because of null-ptr-deref in device_del(). Fix this by checking the return value and goto error path which will call mmc_free_host().

CVSS Vector Breakdown

AV:LAC:LC:NI:NA:H
Exploitability
AV:LAccess Vector
Local
AC:LAccess Complexity
Low
Impact
C:NConfidentiality
None
I:NIntegrity
None
A:HAvailability
H
Open in CVSS calculator →

Affected Products

LinuxLinux
On-premOS
Operating Systems / linux-distro
UbuntuCanonical Ltd.
On-premOS
Operating Systems / linux-distro
Debian GNU/LinuxСообщество свободного программного обеспечения
On-premOS
Operating Systems / linux-distro
SUSE Linux Enterprise Server for SAP ApplicationsNovell Inc.
On-premOS
Operating Systems / linux-distro
Red Hat Enterprise LinuxRed Hat Inc.
On-premOS
Operating Systems / linux-distro
linuxoss-projectOperating Systemsaka the linux kernel
canonical ltd.commercialGBOperating Systemsaka canonical
сообщество свободного программного обеспеченияoss-projectOperating Systemsaka сообщество свободного программного обеспечения, fsf
novell inc.commercialUSOperating Systems
red hat inc.commercialUSOperating Systemsaka red hat
and 3 more affected products View all →

Exploitability

Official Patch Available

References

https://git.kernel.org/stable/c/076bcd2c93e16b05c10564e299d6e5d26a766d00
git.kernel.org
https://git.kernel.org/stable/c/0959cc1685eb19774300d43ef25e318b457b156b
git.kernel.org
https://git.kernel.org/stable/c/0ec94795114edc7e24ec71849dce42bfa61dafa3
git.kernel.org
and 20 more references View all →

Timeline

Published
Dec 30, 2025
Last Updated
Dec 31, 2025

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2022-50846 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows