Bug 2420263 (CVE-2022-50640)
| Summary: | CVE-2022-50640 kernel: mmc: core: Fix kernel panic when remove non-standard SDIO card | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw in the Linux kernel mmc core driver was discovered that could lead to a kernel panic and memory corruption when a non-standard SDIO card is removed. The Vulnerability arises because SDIO tuples are only allocated for standard SDIO cards, resulting in an inconsistent reference count for the device structure. When the non-standard card is removed, the reference counter is decremented without the corresponding earlier increment, potentially triggering use of freed memory or panic conditions. A local user with access to the affected subsystem could trigger this behavior, causing the kernel to crash.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2025-12-09 01:04:12 UTC
|