5.5

CVE-2023-52708

mmc: mmc_spi: fix error handling in mmc_spi_probe()

In the Linux kernel, the following vulnerability has been resolved:

mmc: mmc_spi: fix error handling in mmc_spi_probe()

If mmc_add_host() fails, it doesn't need to call mmc_remove_host(),
or it will cause null-ptr-deref, because of deleting a not added
device in mmc_remove_host().

To fix this, goto label 'fail_glue_init', if mmc_add_host() fails,
and change the label 'fail_add_host' to 'fail_gpiod_request'.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 2.6.24 < 5.4.232
LinuxLinux Kernel Version >= 5.5 < 5.10.169
LinuxLinux Kernel Version >= 5.11 < 5.15.95
LinuxLinux Kernel Version >= 5.16 < 6.1.13
LinuxLinux Kernel Version6.2 Updaterc1
LinuxLinux Kernel Version6.2 Updaterc2
LinuxLinux Kernel Version6.2 Updaterc3
LinuxLinux Kernel Version6.2 Updaterc4
LinuxLinux Kernel Version6.2 Updaterc5
LinuxLinux Kernel Version6.2 Updaterc6
LinuxLinux Kernel Version6.2 Updaterc7
LinuxLinux Kernel Version6.2 Updaterc8
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.16
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://git.kernel.org/stable/c/0b3edcb24bd81b3b2e3dac89f4733bfd47d283be
Patch
https://git.kernel.org/stable/c/82645bf4ed02abe930a659c5fe16d593a6dbd93f
Patch
https://git.kernel.org/stable/c/cf4c9d2ac1e42c7d18b921bec39486896645b714
Patch
https://git.kernel.org/stable/c/e9b488d60f51ae312006e224e03a30a151c28bdd
Patch
https://git.kernel.org/stable/c/ecad2fafd424ffdc203b2748ded0b37e4bbecef3
Patch