CVE-2022-50468
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-01

Last updated on: 2025-10-02

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() The following WARNING message was given when rmmod cros_usbpd_notify: Unexpected driver unregister! WARNING: CPU: 0 PID: 253 at drivers/base/driver.c:270 driver_unregister+0x8a/0xb0 Modules linked in: cros_usbpd_notify(-) CPU: 0 PID: 253 Comm: rmmod Not tainted 6.1.0-rc3 #24 ... Call Trace: <TASK> cros_usbpd_notify_exit+0x11/0x1e [cros_usbpd_notify] __x64_sys_delete_module+0x3c7/0x570 ? __ia32_sys_delete_module+0x570/0x570 ? lock_is_held_type+0xe3/0x140 ? syscall_enter_from_user_mode+0x17/0x50 ? rcu_read_lock_sched_held+0xa0/0xd0 ? syscall_enter_from_user_mode+0x1c/0x50 do_syscall_64+0x37/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f333fe9b1b7 The reason is that the cros_usbpd_notify_init() does not check the return value of platform_driver_register(), and the cros_usbpd_notify can install successfully even if platform_driver_register() failed. Fix by checking the return value of platform_driver_register() and unregister cros_usbpd_notify_plat_driver when it failed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-01
Last Modified
2025-10-02
Generated
2026-05-07
AI Q&A
2025-10-01
EPSS Evaluated
2026-05-05
NVD
CVE-2022-50468
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is in the Linux kernel's cros_usbpd_notify driver. The issue is that the initialization function cros_usbpd_notify_init() does not check the return value of platform_driver_register(). As a result, the driver can appear to install successfully even if platform_driver_register() fails. This leads to an unexpected driver unregister warning when removing the module, indicating improper error handling during driver registration.


How can this vulnerability impact me? :

The vulnerability can cause instability or unexpected behavior in the system when the cros_usbpd_notify driver is loaded or unloaded. Specifically, it may lead to warnings and potential issues related to driver unregistration, which could affect system reliability or cause kernel errors during module removal.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection can be done by checking for the presence and status of the cros_usbpd_notify kernel module and monitoring for the specific WARNING message during module removal. For example, use 'lsmod | grep cros_usbpd_notify' to check if the module is loaded, and 'dmesg | grep "Unexpected driver unregister!"' to find related warning messages.


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation involves updating the Linux kernel to a version where the cros_usbpd_notify_init() function properly checks the return value of platform_driver_register() and unregisters the driver on failure. Until then, avoid removing the cros_usbpd_notify module to prevent the warning and potential issues.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart