Primary

Context

Linux Kernel MMC Sunplus Driver Return Value Check Vulnerability

Vulnerability

Patched

A vulnerability exists in the Linux kernel's MMC Sunplus driver, specifically in the handling of the return value from the 'mmc_add_host()' function. This oversight can lead to two issues: first, a memory leak from unfreed allocations in 'mmc_alloc_host()'; second, a null pointer dereference when 'mmc_remove_host()' is called in the 'spmmc_drv_remove()' function', attempting to remove a device that was not properly added. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability can cause a memory leak and a null pointer dereference, leading to a crash when the driver is removed.

Remediation

Users can apply the latest patch available in the Linux kernel stable tree, which addresses the return value check and error handling in the Sunplus MMC driver.

Added: Dec 30, 2025, 3:49 PM

Updated: Dec 30, 2025, 3:49 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

1.8

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

1.8

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel MMC Sunplus Driver Return Value Check Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating