SB20251230107 - Memory leak in Linux kernel mmc host driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2022-50886)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the toshsd_probe() function in drivers/mmc/host/toshsd.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/3329e7b7132ca727263fb0ee214cf52cc6dcaaad
• https://git.kernel.org/stable/c/34ae492f8d172f0bd193c24cad588b35419ea47a
• https://git.kernel.org/stable/c/3dbb69a0242c31ea4c9eee22b1c41b515fe509a0
• https://git.kernel.org/stable/c/4f6cb1c685f9e20a4a9fa565e442f5af4dad70ff
• https://git.kernel.org/stable/c/6444079767b68b1fbed0e7668081146e80dcb719
• https://git.kernel.org/stable/c/647e370dd0ef7e212d8d014bda748e461eab2e8c
• https://git.kernel.org/stable/c/aabbedcb6c9a72d12d35dc672e83f0c8064d8a61
• https://git.kernel.org/stable/c/bfd77b194c94aefbde4efc30ddf8607dd9244672
• https://git.kernel.org/stable/c/f670744a316ea983113a65313dcd387b5a992444
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.303
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.270
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.337
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.163
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.86
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.229
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.16
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.2
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2