CVE-2022-50347: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-50347 affects the Linux kernel's MMC subsystem, specifically the rtsxusbsdmmc driver. The vulnerability was disclosed in September 2025 and involves an improper return value check of mmcaddhost() function that could lead to memory leaks and potential kernel crashes (Ubuntu Security).

The vulnerability stems from a failure to properly check the return value of mmcaddhost() in the rtsxusbsdmmc driver. When mmcaddhost() returns an error, the memory allocated by mmcallochost() is not properly freed, leading to memory leaks. Additionally, the issue can cause a kernel crash due to attempting to delete a device that was not properly added in the remove path. The fix involves implementing proper return value checking and calling mmcfreehost() in the error path, along with proper handling of ledclassdevunregister() and pmruntimedisable() (Ubuntu Security).

The vulnerability can result in memory leaks in the Linux kernel and potential system crashes when removing affected devices. This affects systems using the rtsxusbsdmmc driver for MMC/SD card functionality (Ubuntu Security).

The issue has been fixed in various Linux kernel versions across different distributions. Ubuntu has released patches for multiple versions: 5.15.0-69.76 for 22.04 LTS (jammy), 5.4.0-144.161 for 20.04 LTS (focal), and 4.15.0-208.220 for 18.04 LTS (bionic). The fix includes proper error handling and memory management in the affected driver (Ubuntu Security).