CVE-2022-50347

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A flaw exists in the Linux kernel where the mmc add host() function’s return value was not properly checked. Failing to check the return value could lead to a memory leak within the mmc alloc host() function, potentially causing a kernel crash during device removal. The issue occurs because memory allocated during host addition is not freed when mmc add host() fails. The fix involves verifying the return value of mmc add host() and calling mmc free host() in the error path, along with led classdev unregister() and pm runtime disable().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unchecked Return Value

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-252CWE-476

Related Identifiers

BDU:2026-05972

CVE-2022-50347

OESA-2025-2468

RHSA-2024:9315

SUSE-SU-2025:03615-1

SUSE-SU-2025:03628-1

SUSE-SU-2025:3716-1

SUSE-SU-2025:3761-1

SUSE-SU-2026:0473-1

Affected Products

Astra Linux

Linux Kernel

Suse

CVE-2022-50347

Weakness Enumeration

Related Identifiers

Affected Products

References · 1182