Linux Kernel VUB300 MMC Host Controller Return Value Check Vulnerability
Vulnerability
A vulnerability exists in the Linux kernel's VUB300 USB-to-SD/SDIO/MMC host controller driver. 'mmc_add_host()' can fail and returns an error code when it does, but the driver's probe routine discarded that return value. When registration fails, the 'mmc_host' allocated by 'mmc_alloc_host()' is never freed, the driver still reports a successful probe, and the later remove path calls 'mmc_remove_host()' on a host that was never registered, which crashes the kernel. The bug was present in the Linux kernel stable trees until the fix was applied.
Impact
Ignoring the return value of 'mmc_add_host()' causes a memory leak of the 'mmc_host' allocation and, when the device is later removed, a kernel crash. Because 'mmc_add_host()' normally succeeds, the problem surfaces only in failure paths such as memory pressure or a device registration error, so the practical impact is loss of stability (denial of service) on an affected system rather than privilege escalation.
Reproduction
The issue is in the VUB300 USB-to-SD/SDIO/MMC driver. When a VUB300 device is attached, the driver's 'vub300_probe' function allocates a host with 'mmc_alloc_host()', arms the 'inactivity_timer', and then calls 'mmc_add_host(mmc)' without checking the return value. If 'mmc_add_host()' fails, the allocated host is not freed, the 'inactivity_timer' is not deleted, and probe still returns success. On device removal the driver then calls 'mmc_remove_host()' on a host that was never registered, which is what produces the crash.
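The following is an added example, not code from the Linux kernel or from this advisory: a small user-space model of the probe/disconnect lifecycle described above. The 'mmc_alloc_host', 'mmc_add_host', 'mmc_remove_host', 'mmc_free_host', 'probe_unchecked', 'probe_checked' and 'disconnect' functions are stand-ins written for this page (fault injection via 'set_add_failure' is also hypothetical); they reproduce the leak and the remove-path failure when registration fails, and show the unwind that a correct probe must perform.

```c
/* Added example: user-space model of the vub300 probe/disconnect lifecycle.
 * Names mirror the kernel's, but every function here is a stand-in written
 * for this page, not kernel code. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct mmc_host {
	bool registered;            /* set once mmc_add_host() succeeded */
};

struct vub300_mmc_host {
	struct mmc_host *mmc;
	bool timer_armed;           /* stands in for inactivity_timer */
};

static int live_hosts;          /* mmc_alloc_host() calls not yet freed */
static bool inject_add_failure; /* fault-injection knob (hypothetical) */

void set_add_failure(bool fail) { inject_add_failure = fail; }
int outstanding_hosts(void) { return live_hosts; }

static struct mmc_host *mmc_alloc_host(void)
{
	struct mmc_host *h = calloc(1, sizeof(*h));
	if (h)
		live_hosts++;
	return h;
}

static void mmc_free_host(struct mmc_host *h)
{
	live_hosts--;
	free(h);
}

static int mmc_add_host(struct mmc_host *h)
{
	if (inject_add_failure)
		return -ENOMEM;     /* models a failed device registration */
	h->registered = true;
	return 0;
}

/* In the kernel, removing a host that was never added dereferences an
 * unregistered device and crashes. The model returns -EFAULT instead. */
static int mmc_remove_host(struct mmc_host *h)
{
	if (!h->registered)
		return -EFAULT;
	h->registered = false;
	return 0;
}

/* Vulnerable shape: the return value of mmc_add_host() is dropped. */
int probe_unchecked(struct vub300_mmc_host *vub300)
{
	vub300->mmc = mmc_alloc_host();
	if (!vub300->mmc)
		return -ENOMEM;
	vub300->timer_armed = true;          /* add_timer(&inactivity_timer) */
	mmc_add_host(vub300->mmc);           /* failure silently ignored */
	return 0;                            /* probe "succeeds" anyway */
}

/* Fixed shape: check the result and unwind in reverse order of setup. */
int probe_checked(struct vub300_mmc_host *vub300)
{
	int retval;

	vub300->mmc = mmc_alloc_host();
	if (!vub300->mmc)
		return -ENOMEM;
	vub300->timer_armed = true;
	retval = mmc_add_host(vub300->mmc);
	if (retval)
		goto err_add;
	return 0;

err_add:
	vub300->timer_armed = false;         /* del_timer_sync(&inactivity_timer) */
	mmc_free_host(vub300->mmc);
	vub300->mmc = NULL;
	return retval;
}

/* Remove path shared by both shapes, as the driver's disconnect would run. */
int disconnect(struct vub300_mmc_host *vub300)
{
	int ret = mmc_remove_host(vub300->mmc);
	if (ret)
		return ret;                  /* the kernel would already have crashed */
	vub300->timer_armed = false;
	mmc_free_host(vub300->mmc);
	vub300->mmc = NULL;
	return 0;
}

int main(void)
{
	struct vub300_mmc_host a = {0}, b = {0};
	int p, r;

	set_add_failure(true);
	p = probe_unchecked(&a);
	r = disconnect(&a);
	printf("unchecked: probe=%d remove=%d leaked=%d\n", p, r, outstanding_hosts());
	p = probe_checked(&b);
	printf("checked:   probe=%d leaked=%d\n", p, outstanding_hosts());
	return 0;
}
```

With the fault injected, the unchecked probe returns 0 and leaves one host allocation outstanding, and the subsequent remove fails where the kernel would crash; the checked probe returns the error from 'mmc_add_host()' and leaves nothing behind.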
Remediation
Update to a Linux kernel release that includes the fix, either mainline or a stable release carrying the backport. To confirm a given tree is fixed, check that 'vub300_probe' in the VUB300 driver stores and tests the return value of 'mmc_add_host()' and, on failure, deletes the 'inactivity_timer' and frees the host before returning the error. Instructions for updating the kernel can be found in the official Linux kernel documentation.
