CVE-2022-50640
Published Dec 9, 2025
Modified Apr 15, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: mmc: core: Fix kernel panic when remove non-standard SDIO card SDIO tuple is only allocated for standard SDIO card, especially it causes memory corruption issues when the non-standard SDIO card has removed, which is because the card device's reference counter does not increase for it at sdio_init_func(), but all SDIO card device reference counter gets decreased at sdio_release_func().
Is your site exposed to CVE-2022-50640?
Run a free security scan — no signup, results in seconds.
References
Other References
https://git.kernel.org/stable/c/1e8cd93ae536581562bab4e1d8c5315bbc2548bf
https://git.kernel.org/stable/c/1fb79478695d92bab1c120ad3dad05252b02a29d
https://git.kernel.org/stable/c/66d461a92f32b6995b630625d350259b6b1f961b
https://git.kernel.org/stable/c/7a09c64b7da0abdec3919812e3d93ecc44069ed0
https://git.kernel.org/stable/c/8bf037279b5869ae9331c42bb1527d2680ebba96
https://git.kernel.org/stable/c/9972e6b404884adae9eec7463e30d9b3c9a70b18
https://git.kernel.org/stable/c/b3275dde570b6420106a715bb58a0af041b94d95
https://git.kernel.org/stable/c/b8b2965932e702b21e335ff30e1bb550f5a23b6f
Frequently Asked Questions
What is CVE-2022-50640? +
In the Linux kernel, the following vulnerability has been resolved:
mmc: core: Fix kernel panic when remove non-standard SDIO card
SDIO tuple is only allocated for standard SDIO card, especially it causes
memory corruption issues when the non-standard SDIO card has removed, which
is because the card device's reference counter does not increase for it at
sdio_init_func(), but all SDIO card device reference counter gets decreased
at sdio_release_func().
How do I check if I'm vulnerable to CVE-2022-50640? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.