Linux Kernel MMC WMT-SDMMC Host Controller Return Value Check Vulnerability

Vulnerability

A vulnerability exists in the Linux kernel's MMC WMT-SDMMC host controller driver. 'mmc_add_host()' can return an error; if the driver ignores that return value, the memory allocated by 'mmc_alloc_host()' is leaked, and the kernel can crash when the system attempts to remove a device that was not properly added. The vulnerability affects several versions of the Linux kernel.

Impact

Failure to properly handle the return value of 'mmc_add_host()' can lead to a memory leak, causing a kernel crash when the system tries to remove a device that was not correctly added.

Reproduction

The vulnerability can be reproduced by loading a device driver for the WMT-SDMMC host controller that does not check the return value of 'mmc_add_host()'. If the driver is modified to ignore the return value, the memory allocated by 'mmc_alloc_host()' is leaked when 'mmc_add_host()' fails. When the device is later removed, the system will attempt to delete the unadded device, leading to a crash.

Remediation

The vulnerability has been addressed by modifying the driver to check the return value of 'mmc_add_host()' and handle errors appropriately. Users should ensure they are using a version of the Linux kernel that includes this fix.
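
The unchecked and checked probe patterns side by side, as an added userspace model that is not the driver's code or the upstream patch. The model_* functions, the counters and the choice to free the host on error are assumptions made for illustration; they stand in for 'mmc_alloc_host()', 'mmc_add_host()' and 'mmc_free_host()'.

```c
/* Userspace model, constructed for illustration. model_* are hypothetical
 * stand-ins for mmc_alloc_host(), mmc_add_host() and mmc_free_host(). */
#include <stdio.h>
#include <stdlib.h>

struct model_host { int added; };   /* set once the host is registered */
static int live_hosts, add_should_fail; /* unfreed hosts; force add to fail */

static struct model_host *model_alloc_host(void) {
    struct model_host *h = calloc(1, sizeof(*h));
    if (h) live_hosts++;
    return h;
}
static int model_add_host(struct model_host *h) {
    if (add_should_fail) return -12;    /* -ENOMEM */
    h->added = 1;
    return 0;
}
static void model_free_host(struct model_host *h) { free(h); live_hosts--; }

/* Pattern the advisory describes: the add result is dropped, probe reports
 * success, and the remove path later gets a host that was never added. */
static int probe_unchecked(struct model_host **out) {
    struct model_host *h = model_alloc_host();
    if (!h) return -12;
    model_add_host(h);                  /* return value ignored */
    *out = h;
    return 0;
}

/* Corrected pattern: propagate the error and free the allocation. */
static int probe_checked(struct model_host **out) {
    struct model_host *h = model_alloc_host();
    int ret = h ? model_add_host(h) : -12;
    if (ret) { if (h) model_free_host(h); return ret; }
    *out = h;
    return 0;
}

int main(void) {
    struct model_host *a = NULL, *b = NULL;
    add_should_fail = 1;
    if (probe_unchecked(&a)) return 1;  /* only if calloc itself failed */
    printf("unchecked: ret=0 added=%d live=%d\n", a->added, live_hosts);
    model_free_host(a);
    int rb = probe_checked(&b);
    printf("checked: ret=%d host_set=%d live=%d\n", rb, b != NULL, live_hosts);
    return 0;
}
```

In the unchecked case probe succeeds while the host is still unregistered, which is the state the remove path later trips over; in the checked case the error reaches the caller and nothing stays allocated.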

Added: Sep 17, 2025, 4:57 PM
Updated: Sep 17, 2025, 4:57 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 0.5
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.