CVE-2022-50347
📋 TL;DR
This CVE describes a memory leak and potential kernel crash in the Linux kernel's mmc driver for Realtek RTSX USB SD/MMC card readers. If mmc_add_host() fails during device initialization, the driver doesn't properly clean up allocated resources, leading to memory leaks and potential crashes when removing the device. This affects Linux systems using Realtek RTSX USB SD/MMC card readers.
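A simplified user-space C model of the error path described above, added here as an illustration; it is not the kernel driver's code. All function and type names are hypothetical stand-ins, with `add_host` playing the role of mmc_add_host(). It contrasts a probe that ignores the registration result with one that checks it and unwinds.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical user-space stand-ins; not the rtsx_usb_sdmmc driver's code. */
struct host { int registered; };
static int live_hosts;     /* hosts allocated and not yet freed */
static int fail_add_host;  /* set to 1 to force registration failure */
static struct host *alloc_host(void) {
    struct host *h = calloc(1, sizeof(*h));
    if (h) live_hosts++;
    return h;
}
static void free_host(struct host *h) { free(h); live_hosts--; }
/* Plays the role of mmc_add_host(): 0 on success, negative errno on failure. */
static int add_host(struct host *h) {
    if (fail_add_host) return -ENOMEM;
    h->registered = 1;
    return 0;
}
/* Flawed probe: ignores the registration result and reports success. */
static int probe_unchecked(struct host **out) {
    if (!(*out = alloc_host())) return -ENOMEM;
    add_host(*out);
    return 0;
}
/* Corrected probe: checks the result and unwinds the allocation. */
static int probe_checked(struct host **out) {
    if (!(*out = alloc_host())) return -ENOMEM;
    int ret = add_host(*out);
    if (ret) { free_host(*out); *out = NULL; }
    return ret;
}
/* Remove path assumes a registered host; the model returns -EINVAL here. */
static int remove_host(struct host *h) {
    if (!h->registered) return -EINVAL;
    free_host(h);
    return 0;
}

int main(void) {
    struct host *h;
    fail_add_host = 1;
    int p = probe_unchecked(&h);
    printf("unchecked: probe=%d remove=%d live=%d\n", p, remove_host(h), live_hosts);
    free_host(h); /* release the host the flawed path left allocated */
    p = probe_checked(&h);
    printf("checked:   probe=%d live=%d\n", p, live_hosts);
    return 0;
}
```

In the unchecked case the probe reports success, the host stays allocated, and the remove path is handed a host that was never registered; the checked probe returns the error with nothing left allocated.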
💻 Affected Systems
- Linux kernel with rtsx_usb_sdmmc driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic or system crash when the vulnerable driver module is loaded/unloaded, potentially causing system instability or denial of service.
Likely Case
Memory leak leading to gradual resource exhaustion over time, particularly on systems with frequent SD/MMC card reader usage or driver module reloads.
If Mitigated
Minor performance impact from memory leaks if system has sufficient resources and driver isn't frequently reloaded.
🎯 Exploit Status
Exploitation requires local access to trigger the error condition in mmc_add_host(), which may require specific hardware states or timing.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Linux kernel with commits: 1491667d5450778a265eddddd294219acfd648cb, 7fa922c7a3dd623fd59f1af50e8896fd9ca7f654, 89303ddbb502c3bc8edbf864f9f85500c8fe07e9, 937112e991ed25d1727d878734adcbef3b900274, a522e26a20a43dcfbef9ee9f71ed803290e852b0
Vendor Advisory: https://git.kernel.org/stable/c/
Restart Required: No
Instructions:
1. Update Linux kernel to version containing the fix commits.
2. For distributions: Use package manager (apt/yum/dnf) to update kernel package.
3. Rebuild kernel if using custom kernel.
4. Reboot to load new kernel.
🔧 Temporary Workarounds
Disable vulnerable driver
Blacklist or prevent loading of the rtsx_usb_sdmmc kernel module
echo 'blacklist rtsx_usb_sdmmc' | sudo tee -a /etc/modprobe.d/blacklist.conf
sudo rmmod rtsx_usb_sdmmc
Disable SD/MMC card reader
Disable the USB device if not needed (replace 1-1 with the card reader's own bus-port ID, as listed under /sys/bus/usb/devices/)
echo '1-1' | sudo tee /sys/bus/usb/drivers/usb/unbind
🧯 If You Can't Patch
- Avoid using SD/MMC card readers on affected systems
- Monitor system memory usage for unusual leaks
- Restrict local user access to systems with vulnerable hardware
🔍 How to Verify
Check if Vulnerable:
Check if rtsx_usb_sdmmc module is loaded: lsmod | grep rtsx_usb_sdmmc
Check Version:
uname -r
Verify Fix Applied:
Check kernel version contains fix commits or modinfo shows patched version
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- 'mmc_add_host failed' errors in dmesg
- Memory allocation failures in kernel logs
Network Indicators:
- None - local driver issue
SIEM Query:
source="kernel" AND ("mmc_add_host" OR "rtsx_usb_sdmmc" OR "kernel panic")
🔗 References
- https://git.kernel.org/stable/c/1491667d5450778a265eddddd294219acfd648cb
- https://git.kernel.org/stable/c/7fa922c7a3dd623fd59f1af50e8896fd9ca7f654
- https://git.kernel.org/stable/c/89303ddbb502c3bc8edbf864f9f85500c8fe07e9
- https://git.kernel.org/stable/c/937112e991ed25d1727d878734adcbef3b900274
- https://git.kernel.org/stable/c/a522e26a20a43dcfbef9ee9f71ed803290e852b0
- https://git.kernel.org/stable/c/d7ad7278be401b09c9f9a9f522cf4c449c7fd489
- https://git.kernel.org/stable/c/df683201c7ffbd21a806a7cad657b661c5ebfb6f
- https://git.kernel.org/stable/c/e598c9683fe1cf97c2b11b800cc3cee072108220
- https://git.kernel.org/stable/c/fc38a5a10e9e5a75eb9189854abeb8405b214cc9