CVE-2022-50670
Published Dec 9, 2025
Modified Apr 15, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: mmc: omap_hsmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmc_alloc_host() is leaked. 2. In the remove() path, mmc_remove_host() will be called to delete device, but it's not added yet, it will lead a kernel crash because of null-ptr-deref in device_del(). Fix this by checking the return value and goto error path wihch will call mmc_free_host().
Is your site exposed to CVE-2022-50670?
Run a free security scan — no signup, results in seconds.
References
Other References
https://git.kernel.org/stable/c/4e1dc24bcfc8257f24c0663badec7e4f3ae80558
https://git.kernel.org/stable/c/62005dfcc396424db3337a1dc3ab49623537f5e5
https://git.kernel.org/stable/c/a525cad241c339ca00bf7ebf03c5180f2a9b767c
https://git.kernel.org/stable/c/a5f8a4583280a76e50329b910e91ef1dea1e6c79
https://git.kernel.org/stable/c/f153c9e15f8961bdf38707853e15b42ea7c691d9
https://git.kernel.org/stable/c/fb3d596267a98813a7a8206097d8d46c98505a0d
Frequently Asked Questions
What is CVE-2022-50670? +
In the Linux kernel, the following vulnerability has been resolved:
mmc: omap_hsmmc: fix return value check of mmc_add_host()
mmc_add_host() may return error, if we ignore its return value,
it will lead two issues:
1. The memory that allocated in mmc_alloc_host() is leaked.
2. In the remove() path, mmc_remove_host() will be called to
delete device, but it's not added yet, it will lead a kernel
crash because of null-ptr-deref in device_del().
Fix this by checking the return value and goto error path wihch
will call mmc_free_host().
How do I check if I'm vulnerable to CVE-2022-50670? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.