Linux Kernel Atmel-MCI MMC Host Return Value Check Vulnerability

Vulnerability

A vulnerability exists in the Linux kernel's Atmel MultiMediaCard Interface (MMC) driver. The issue arises because the function 'mmc_add_host()' can return an error, and if this return value is ignored, it leads to two problems: first, memory allocated by 'mmc_alloc_host()' is leaked; second, during the removal process, 'mmc_remove_host()' is called to delete a device that was never added, causing a kernel crash due to a null pointer dereference in 'device_del()'. This vulnerability affects the Linux kernel stable tree.

Impact

Failure to properly check the return value of 'mmc_add_host()' in the Atmel-MCI driver can lead to memory leaks and kernel crashes.

Reproduction

The vulnerability can be reproduced by using the Atmel-MCI driver for MMC controllers in the Linux kernel. When a host is initialized, the driver allocates memory for the MMC host but fails to check if 'mmc_add_host()' was successful. If 'mmc_add_host()' returns an error, the allocated memory is not freed, leading to a memory leak. Additionally, the driver will attempt to remove a device that was not properly added, causing a kernel crash.

Remediation

The vulnerability has been addressed by modifying the Atmel-MCI driver to check the return value of 'mmc_add_host()' and to free the allocated memory using 'mmc_free_host()' if an error occurs. Users should update to the latest version of the Linux kernel where this fix has been applied.
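The unchecked and checked probe patterns described above, as an added userspace model that is not the driver's code or the upstream patch. The model_* functions, the slot pointer and the add_should_fail switch are constructed stand-ins for the MMC core calls the advisory names.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
struct host { int added; }; /* model_* below: constructed stand-ins, not kernel code */
static int live_hosts;          /* hosts allocated and not yet freed */
static int add_should_fail = 1; /* fault injection: the add step fails */
static struct host *model_alloc_host(void) {
    struct host *h = calloc(1, sizeof(*h));
    if (h) live_hosts++;
    return h;
}
static void model_free_host(struct host *h) { free(h); live_hosts--; }
static int model_add_host(struct host *h) {
    if (add_should_fail) return -ENOMEM;
    h->added = 1;
    return 0;
}
/* Pre-fix pattern: the add step's return value is dropped. */
static int probe_unchecked(struct host **slot) {
    struct host *h = model_alloc_host();
    if (!h) return -ENOMEM;
    model_add_host(h);
    *slot = h;
    return 0;
}
/* Fixed pattern: check the result and free the host on failure. */
static int probe_checked(struct host **slot) {
    struct host *h = model_alloc_host();
    if (!h) return -ENOMEM;
    int ret = model_add_host(h);
    if (ret) { model_free_host(h); return ret; }
    *slot = h;
    return 0;
}
/* Teardown; -1 marks where the kernel would crash in device_del(). */
static int remove_slot(struct host **slot) {
    if (!*slot) return 0;           /* probe failed cleanly: nothing to do */
    if (!(*slot)->added) return -1; /* never added; the free is never reached */
    model_free_host(*slot);
    *slot = NULL;
    return 0;
}
int main(void) {
    struct host *a = NULL, *b = NULL;
    int p1 = probe_unchecked(&a), r1 = remove_slot(&a), l1 = live_hosts;
    int p2 = probe_checked(&b), r2 = remove_slot(&b), l2 = live_hosts - l1;
    printf("unchecked: probe=%d remove=%d leaked=%d\n", p1, r1, l1);
    printf("checked:   probe=%d remove=%d leaked=%d\n", p2, r2, l2);
    return 0;
}
```

With the add step failing, the unchecked probe reports success, leaves one host allocated and hits the crash marker on teardown; the checked probe returns the error and leaves nothing behind.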

Added: Dec 9, 2025, 2:11 AM
Updated: Dec 9, 2025, 2:11 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.3
remediation: 0.0
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.