Linux Kernel MMC Meson-GX Host Addition Return Value Check Vulnerability

Vulnerability

A vulnerability exists in the Linux kernel's MMC (MultiMediaCard) subsystem for Meson-GX platforms. The issue arises in the host addition process, where the return value of the 'mmc_add_host()' function is not properly checked. This oversight can lead to two significant problems: First, it causes a memory leak by failing to release memory allocated during the host creation process. Second, it can trigger a kernel crash by attempting to remove a device that was never successfully added, resulting in a null pointer dereference. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability can lead to a kernel crash through a null pointer dereference, resulting in a denial of service.

Reproduction

The vulnerability can be reproduced by probing an MMC host on a Meson-GX platform without checking the return value of 'mmc_add_host()'. This can be done by modifying the MMC driver for Meson-GX to ignore the return value, allowing the probe function to proceed without proper error handling. As a result, if 'mmc_add_host()' fails, the allocated memory is not freed, and the device removal process can attempt to delete a device that was never added, causing a kernel crash.

Remediation

The vulnerability has been addressed by modifying the MMC Meson-GX driver to check the return value of 'mmc_add_host()' and handle errors appropriately. Users should upgrade to the latest version of the Linux kernel where this fix has been applied.
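
The error handling described above, modelled in userspace as an added example (this is not the kernel driver's code or the actual patch). All names are hypothetical stand-ins: 'model_add_host()' plays the role of 'mmc_add_host()', and 'fail_add' is a constructed fault-injection switch.

```c
#include <errno.h>
#include <stdlib.h>

/* Userspace model: every name is a hypothetical stand-in, not a kernel API. */
struct model_host { int *class_dev; /* exists only after a successful add */ };
static int live_hosts; /* outstanding host allocations, to observe the leak */
static int fail_add;   /* constructed fault-injection switch */

static struct model_host *model_alloc_host(void) {
    struct model_host *h = calloc(1, sizeof(*h));
    if (h) live_hosts++;
    return h;
}
static void model_free_host(struct model_host *h) {
    if (!h) return;
    free(h->class_dev);
    free(h);
    live_hosts--;
}
/* Stands in for mmc_add_host(): on failure nothing is registered. */
static int model_add_host(struct model_host *h) {
    if (fail_add) return -ENOMEM;
    h->class_dev = calloc(1, sizeof(int));
    return h->class_dev ? 0 : -ENOMEM;
}
/* Unchecked shape: the result is dropped, so probe reports success. */
static int probe_unchecked(struct model_host **out) {
    struct model_host *h = model_alloc_host();
    if (!h) return -ENOMEM;
    (void)model_add_host(h);
    *out = h;
    return 0;
}
/* Checked shape: propagate the error and release the allocation. */
static int probe_checked(struct model_host **out) {
    struct model_host *h = model_alloc_host();
    if (!h) return -ENOMEM;
    int ret = model_add_host(h);
    if (ret) { model_free_host(h); return ret; }
    *out = h;
    return 0;
}
/* The remove path would use class_dev; report NULL instead of touching it. */
static int remove_would_deref_null(const struct model_host *h) {
    return h->class_dev == NULL;
}
int main(void) { /* exit 0 when the checked probe fails cleanly with no leak */
    struct model_host *h = NULL;
    fail_add = 1;
    return probe_checked(&h) == -ENOMEM && live_hosts == 0 ? 0 : 1;
}
```

With the add step forced to fail, the unchecked probe still returns 0 and leaves a host whose remove path would hit a NULL pointer, while the checked probe returns the error with nothing left allocated.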

Added: Dec 8, 2025, 3:01 AM
Updated: Dec 8, 2025, 3:01 AM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.