Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

CVE-2023-52708 | Mondoo Vulnerability Intelligence

Vulnerability IntelligenceCVE-2023-52708

CVE-2023-52708

MEDIUM5.5

mmc: mmc_spi: fix error handling in mmc_spi_probe()

Published May 21, 2024

Modified 10 months ago

Details

In the Linux kernel, the following vulnerability has been resolved:

mmc: mmc_spi: fix error handling in mmc_spi_probe()

If mmc_add_host() fails, it doesn't need to call mmc_remove_host(), or it will cause null-ptr-deref, because of deleting a not added device in mmc_remove_host().

To fix this, goto label 'fail_glue_init', if mmc_add_host() fails, and change the label 'fail_add_host' to 'fail_gpiod_request'.

References

WEB

https://git.kernel.org/stable/c/0b3edcb24bd81b3b2e3dac89f4733bfd47d283be

WEB

https://git.kernel.org/stable/c/82645bf4ed02abe930a659c5fe16d593a6dbd93f

WEB

https://git.kernel.org/stable/c/cf4c9d2ac1e42c7d18b921bec39486896645b714

WEB

https://git.kernel.org/stable/c/e9b488d60f51ae312006e224e03a30a151c28bdd

WEB

https://git.kernel.org/stable/c/ecad2fafd424ffdc203b2748ded0b37e4bbecef3

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2023-52708

CVSS Analysis

CVSS v3.1

5.5

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

5.5/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Ecosystems

Timeline

PublishedMay 21, 2024

ModifiedMay 4, 2025