CVE-2023-54204

mmcaddhost() may return error, if we ignore its return value, 1. the memory allocated in mmcallochost() will be leaked 2. null-ptr-deref will happen when calling mmcremovehost() in remove function spmmcdrvremove() because deleting not added device.

Fix this by checking the return value of mmcaddhost(). Moreover, I fixed the error handling path of spmmcdrvprobe() to clean up.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/54xxx/CVE-2023-54204.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

4e268fed8b1861616af28f9cfb4eed8ca5d7af6c

Fixed

741a951f41929f39cae70c66d86d0754d3129d0a

Fixed

dce6d8f985fa1ef5c2af47f4f86ea65511b78656

Affected versions

v6.*

v6.1

v6.2

v6.2-rc1

v6.2-rc2

v6.2-rc3

v6.2-rc4

v6.2-rc5

v6.2-rc6

v6.2-rc7

v6.2-rc8

v6.3

v6.3-rc1

v6.3-rc2

v6.3-rc3

v6.3-rc4

v6.3-rc5

v6.3-rc6

v6.3-rc7

v6.4

v6.4-rc1

v6.4-rc2

v6.4-rc3

v6.4-rc4

v6.4-rc5

v6.4-rc6

v6.4-rc7

v6.4.1

v6.4.10

v6.4.11

v6.4.2

v6.4.3

v6.4.4

v6.4.5

v6.4.6

v6.4.7

v6.4.8

v6.4.9

v6.5-rc1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-54204.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.2.0

Fixed

6.4.12

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-54204.json"