Linux Kernel Alcor MMC Driver Return Value Check Vulnerability

Vulnerability

A vulnerability exists in the Linux kernel's Alcor Micro Cardreader SD/MMC driver: the driver does not check the return value of 'mmc_add_host()'. If that call fails, the host allocated by 'mmc_alloc_host()' is leaked, and the kernel may crash when the driver later tries to remove a device that was never successfully added. The fix checks the return value and frees the host memory on error.

Impact

The vulnerability can lead to a memory leak and a subsequent kernel crash, caused by attempting to remove a device that was not properly added.

Reproduction

The vulnerability is present when the Alcor Micro Cardreader SD/MMC driver is loaded from a Linux kernel version that does not yet include the fix. In that case 'mmc_add_host()' is called without error handling, so if it fails the host allocated by 'mmc_alloc_host()' is leaked. When the driver is unloaded, the kernel attempts to remove the device and crashes because the device was never successfully added.

Remediation

Users can upgrade to a version of the Linux kernel that includes the fix for this vulnerability. The patch is available in the Linux kernel stable tree.
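
The return-value check and free-on-error described above, as a userspace C model added here for illustration (not the driver's code or the kernel patch): the toy_* functions, the live_hosts counter and the fail_add switch are constructed stand-ins for 'mmc_alloc_host()', 'mmc_add_host()' and 'mmc_free_host()'.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
/* Constructed userspace model: toy_* names stand in for the kernel's mmc_* calls. */
struct toy_host { int registered; };
static int live_hosts;   /* hosts allocated and not yet freed */
static int fail_add = 1; /* fault injection: make toy_add_host() fail */

static struct toy_host *toy_alloc_host(void)
{
	struct toy_host *h = calloc(1, sizeof(*h));
	live_hosts += (h != NULL);
	return h;
}
static void toy_free_host(struct toy_host *h) { free(h); live_hosts--; }
static int toy_add_host(struct toy_host *h)
{
	h->registered = !fail_add;
	return fail_add ? -ENOMEM : 0;
}
/* Unfixed pattern: the add result is dropped, so probe reports success. */
static int probe_unchecked(struct toy_host **out)
{
	*out = toy_alloc_host();
	if (!*out)
		return -ENOMEM;
	toy_add_host(*out);
	return 0;
}
/* Fixed pattern: propagate the error and free the host before returning. */
static int probe_checked(struct toy_host **out)
{
	int ret;
	*out = toy_alloc_host();
	if (!*out)
		return -ENOMEM;
	ret = toy_add_host(*out);
	if (ret) {
		toy_free_host(*out);
		*out = NULL;
	}
	return ret;
}
int main(void)
{
	struct toy_host *h = NULL;
	int a = probe_unchecked(&h), b = probe_checked(&h);
	printf("unchecked=%d checked=%d hosts still allocated=%d\n", a, b, live_hosts);
	return 0;
}
```

With fail_add set, the unchecked probe reports success while its host stays allocated and unregistered, which is the state a later remove would act on; the checked probe returns the error and leaves nothing allocated.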

Added: Dec 30, 2025, 5:09 PM
Updated: Dec 30, 2025, 5:09 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 1.8
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.