Linux Kernel MOXA ART MMC Driver Return Value Check Vulnerability

Vulnerability

A vulnerability exists in the Linux kernel's MOXA ART SD/MMC driver: the return value of 'mmc_add_host()' is ignored. If 'mmc_add_host()' fails, the memory allocated by 'mmc_alloc_host()' is leaked, and the kernel crashes when the removal process later deletes a device that was never added. The issue has been addressed by modifying the code to check the return value and handle errors appropriately.

Impact

Failure to check the return value of 'mmc_add_host()' can result in a memory leak and a subsequent kernel crash.

Reproduction

The vulnerability can be reproduced by loading the MOXA ART SD/MMC driver and then triggering a device removal process. If 'mmc_add_host()' fails and its return value is not properly checked, the allocated memory will not be freed, leading to a crash when the removal process tries to delete the unadded device.
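The unchecked and checked probe paths described above, modeled in user space as an added example (not the kernel driver's code or the upstream patch). The names `alloc_host`, `add_host`, `remove_host`, `free_host`, the `fail_add` switch and the `scenario` helper are hypothetical stand-ins for the MMC core calls and the driver's probe/remove callbacks.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space stand-ins (hypothetical) for the MMC core calls in the advisory. */
struct host { int added; };
static int live_hosts;   /* hosts allocated and not yet freed */
static int fail_add;     /* constructed fault: make add_host() fail */
static struct host *alloc_host(void) {
    struct host *h = calloc(1, sizeof(*h));
    if (h) live_hosts++;
    return h;
}
static void free_host(struct host *h) { free(h); live_hosts--; }
static int add_host(struct host *h) {
    if (!fail_add) h->added = 1;
    return fail_add ? -ENOMEM : 0;
}
/* Returns -1 where the real removal path would delete a device never added. */
static int remove_host(struct host *h) { return h->added ? 0 : -1; }
/* "Before": the result of add_host() is ignored and probe reports success. */
static int probe_unchecked(struct host **out) {
    if (!(*out = alloc_host())) return -ENOMEM;
    add_host(*out);
    return 0;
}
/* "After": check the result, free the host, propagate the error. */
static int probe_checked(struct host **out) {
    if (!(*out = alloc_host())) return -ENOMEM;
    int ret = add_host(*out);
    if (ret) { free_host(*out); *out = NULL; }
    return ret;
}
/* Probe with add_host() failing; returns 1 if remove then hit an unadded host. */
static int scenario(int (*probe)(struct host **), int *stranded) {
    struct host *h = NULL;
    int bad_remove = 0;
    fail_add = 1; live_hosts = 0;
    int ret = probe(&h);
    *stranded = live_hosts;  /* hosts still allocated after the failed add */
    if (ret == 0) { bad_remove = remove_host(h) != 0; free_host(h); }
    return bad_remove;       /* remove runs only when probe returned 0 */
}
int main(void) {
    int s, r = scenario(probe_unchecked, &s);
    printf("unchecked: bad_remove=%d stranded=%d\n", r, s);
    r = scenario(probe_checked, &s);
    printf("checked:   bad_remove=%d stranded=%d\n", r, s);
    return 0;
}
```

In the model, only the unchecked probe leaves a host allocated after the failed add and later reaches the removal path with a device that was never added.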

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux Kernel Archive.

Added: Sep 15, 2025, 8:14 PM
Updated: Sep 15, 2025, 8:14 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.