CVE-2022-50640

medium

Description

In the Linux kernel, the following vulnerability has been resolved:

mmc: core: Fix kernel panic when remove non-standard SDIO card

SDIO tuple is only allocated for standard SDIO card, especially it causes memory corruption issues when the non-standard SDIO card is removed, which is because the card device's reference counter does not increase for it at sdio_init_func(), but all SDIO card device reference counters get decreased at sdio_release_func().

References

https://git.kernel.org/stable/c/b8b2965932e702b21e335ff30e1bb550f5a23b6f

https://git.kernel.org/stable/c/b3275dde570b6420106a715bb58a0af041b94d95

https://git.kernel.org/stable/c/9972e6b404884adae9eec7463e30d9b3c9a70b18

https://git.kernel.org/stable/c/8bf037279b5869ae9331c42bb1527d2680ebba96

https://git.kernel.org/stable/c/7a09c64b7da0abdec3919812e3d93ecc44069ed0

https://git.kernel.org/stable/c/66d461a92f32b6995b630625d350259b6b1f961b

https://git.kernel.org/stable/c/1fb79478695d92bab1c120ad3dad05252b02a29d

https://git.kernel.org/stable/c/1e8cd93ae536581562bab4e1d8c5315bbc2548bf

Details

Source: Mitre, NVD

Published: 2025-12-09

Updated: 2025-12-09

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00024