References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

In the Linux kernel, the following vulnerability has been resolved:

mmc: atmel-mci: fix return value check of mmc_add_host()

mmc_add_host() may return error, if we ignore its return value,
it will lead two issues:
1. The memory that allocated in mmc_alloc_host() is leaked.
2. In the remove() path, mmc_remove_host() will be called to
   delete device, but it's not added yet, it will lead a kernel
   crash because of null-ptr-deref in device_del().

So fix this by checking the return value and calling mmc_free_host()
in the error path.

https://git.kernel.org/stable/c/00ac0f5f95920f003cd6ece53cdc759549b69118

https://git.kernel.org/stable/c/1925472dec31ec061d57412b3a65a056ea24f340

https://git.kernel.org/stable/c/6bb26abb92f25e582a0976091a10b539fe3796db

https://git.kernel.org/stable/c/85946ceb0fac20ab39cdb85333086daf0291a553

https://git.kernel.org/stable/c/99a6cdfa2cf05028b52f6d8ee85ccc5f8b71b4a2

https://git.kernel.org/stable/c/9e6e8c43726673ca2abcaac87640b9215fd72f4c

https://git.kernel.org/stable/c/cc8bb436f3c842a86b9082d97933582120d180e2