| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100122-CVE-2022-50468-3196@gregkh> Date: Wed, 1 Oct 2025 13:45:38 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2022-50468: platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() The following WARNING message was given when rmmod cros_usbpd_notify: Unexpected driver unregister! WARNING: CPU: 0 PID: 253 at drivers/base/driver.c:270 driver_unregister+0x8a/0xb0 Modules linked in: cros_usbpd_notify(-) CPU: 0 PID: 253 Comm: rmmod Not tainted 6.1.0-rc3 #24 ... Call Trace: <TASK> cros_usbpd_notify_exit+0x11/0x1e [cros_usbpd_notify] __x64_sys_delete_module+0x3c7/0x570 ? __ia32_sys_delete_module+0x570/0x570 ? lock_is_held_type+0xe3/0x140 ? syscall_enter_from_user_mode+0x17/0x50 ? rcu_read_lock_sched_held+0xa0/0xd0 ? syscall_enter_from_user_mode+0x1c/0x50 do_syscall_64+0x37/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f333fe9b1b7 The reason is that the cros_usbpd_notify_init() does not check the return value of platform_driver_register(), and the cros_usbpd_notify can install successfully even if platform_driver_register() failed. Fix by checking the return value of platform_driver_register() and unregister cros_usbpd_notify_plat_driver when it failed. The Linux kernel CVE team has assigned CVE-2022-50468 to this issue. Affected and fixed versions =========================== Issue introduced in 5.7 with commit ec2daf6e33f9f9113ba085b6ff88592907b6f1ce and fixed in 5.10.163 with commit 5c0cacdd354987f8f5348d16908716f154047890 Issue introduced in 5.7 with commit ec2daf6e33f9f9113ba085b6ff88592907b6f1ce and fixed in 5.15.86 with commit cab345f9d51943898e406275f9607c145adb1877 Issue introduced in 5.7 with commit ec2daf6e33f9f9113ba085b6ff88592907b6f1ce and fixed in 6.0.16 with commit 7b6ee54995739202b4a0cc01b7e9269f761c573d Issue introduced in 5.7 with commit ec2daf6e33f9f9113ba085b6ff88592907b6f1ce and fixed in 6.1.2 with commit 751f12696d797e785d2611099fe9f0569d47556e Issue introduced in 5.7 with commit ec2daf6e33f9f9113ba085b6ff88592907b6f1ce and fixed in 6.2 with commit 5a2d96623670155d94aca72c320c0ac27bdc6bd2 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2022-50468 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/platform/chrome/cros_usbpd_notify.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/5c0cacdd354987f8f5348d16908716f154047890 https://git.kernel.org/stable/c/cab345f9d51943898e406275f9607c145adb1877 https://git.kernel.org/stable/c/7b6ee54995739202b4a0cc01b7e9269f761c573d https://git.kernel.org/stable/c/751f12696d797e785d2611099fe9f0569d47556e https://git.kernel.org/stable/c/5a2d96623670155d94aca72c320c0ac27bdc6bd2
Powered by blists - more mailing lists