CVE-2022-50468

Summary

In the Linux kernel, the following vulnerability has been resolved:

platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init()

The following WARNING message was given when rmmod cros_usbpd_notify:

Unexpected driver unregister! WARNING: CPU: 0 PID: 253 at drivers/base/driver.c:270 driver_unregister+0x8a/0xb0 Modules linked in: cros_usbpd_notify(-) CPU: 0 PID: 253 Comm: rmmod Not tainted 6.1.0-rc3 #24 … Call Trace: <TASK> cros_usbpd_notify_exit+0x11/0x1e [cros_usbpd_notify] __x64_sys_delete_module+0x3c7/0x570 ? __ia32_sys_delete_module+0x570/0x570 ? lock_is_held_type+0xe3/0x140 ? syscall_enter_from_user_mode+0x17/0x50 ? rcu_read_lock_sched_held+0xa0/0xd0 ? syscall_enter_from_user_mode+0x1c/0x50 do_syscall_64+0x37/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f333fe9b1b7

The reason is that the cros_usbpd_notify_init() does not check the return value of platform_driver_register(), and the cros_usbpd_notify can install successfully even if platform_driver_register() failed.

Fix by checking the return value of platform_driver_register() and unregister cros_usbpd_notify_plat_driver when it failed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxec2daf6e33f9f9113ba085b6ff88592907b6f1ce < 5c0cacdd354987f8f5348d16908716f154047890affected
LinuxLinuxec2daf6e33f9f9113ba085b6ff88592907b6f1ce < cab345f9d51943898e406275f9607c145adb1877affected
LinuxLinuxec2daf6e33f9f9113ba085b6ff88592907b6f1ce < 7b6ee54995739202b4a0cc01b7e9269f761c573daffected
LinuxLinuxec2daf6e33f9f9113ba085b6ff88592907b6f1ce < 751f12696d797e785d2611099fe9f0569d47556eaffected
LinuxLinuxec2daf6e33f9f9113ba085b6ff88592907b6f1ce < 5a2d96623670155d94aca72c320c0ac27bdc6bd2affected
LinuxLinux5.7affected
LinuxLinux0 < 5.7unaffected
LinuxLinux5.10.163 <= 5.10.*unaffected
LinuxLinux5.15.86 <= 5.15.*unaffected
LinuxLinux6.0.16 <= 6.0.*unaffected
LinuxLinux6.1.2 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

References