{"id":"CVE-2022-50846","summary":"mmc: via-sdmmc: fix return value check of mmc_add_host()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: via-sdmmc: fix return value check of mmc_add_host()\n\nmmc_add_host() may return error, if we ignore its return value,\nit will lead two issues:\n1. The memory that allocated in mmc_alloc_host() is leaked.\n2. In the remove() path, mmc_remove_host() will be called to\n   delete device, but it's not added yet, it will lead a kernel\n   crash because of null-ptr-deref in device_del().\n\nFix this by checking the return value and goto error path which\nwill call mmc_free_host().","modified":"2026-03-20T11:47:39.342554Z","published":"2025-12-30T12:11:03.286Z","related":["SUSE-SU-2026:0263-1","SUSE-SU-2026:0317-1","SUSE-SU-2026:0411-1","SUSE-SU-2026:0617-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50846.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/076bcd2c93e16b05c10564e299d6e5d26a766d00"},{"type":"WEB","url":"https://git.kernel.org/stable/c/0959cc1685eb19774300d43ef25e318b457b156b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/0ec94795114edc7e24ec71849dce42bfa61dafa3"},{"type":"WEB","url":"https://git.kernel.org/stable/c/12b8e81b77c05c658efd9cde3585bbd65ae39b59"},{"type":"WEB","url":"https://git.kernel.org/stable/c/63400da6cd37a9793c19bb6aed7131b58b975a04"},{"type":"WEB","url":"https://git.kernel.org/stable/c/95025a8dd0ec015872f6c16473fe04d6264e68ca"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ba91b413983a9235792523c6b9f7ba2586c4d75d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e4e46fb61e3bb4628170810d3f2b996b709b90d9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f59ef2a47a228e51322ad76752a55a8917c56e38"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50846.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50846"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"f0bf7f61b8405224bc52fc9a3ccd167a68126e00"},{"fixed":"076bcd2c93e16b05c10564e299d6e5d26a766d00"},{"fixed":"12b8e81b77c05c658efd9cde3585bbd65ae39b59"},{"fixed":"95025a8dd0ec015872f6c16473fe04d6264e68ca"},{"fixed":"f59ef2a47a228e51322ad76752a55a8917c56e38"},{"fixed":"63400da6cd37a9793c19bb6aed7131b58b975a04"},{"fixed":"0959cc1685eb19774300d43ef25e318b457b156b"},{"fixed":"0ec94795114edc7e24ec71849dce42bfa61dafa3"},{"fixed":"ba91b413983a9235792523c6b9f7ba2586c4d75d"},{"fixed":"e4e46fb61e3bb4628170810d3f2b996b709b90d9"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50846.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.31"},{"fixed":"4.9.337"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.10.0"},{"fixed":"4.14.303"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.270"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.229"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.163"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.86"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.0.16"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.1.0"},{"fixed":"6.1.2"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50846.json"}}],"schema_version":"1.7.5"}