CVE-2022-50850

Vulnerability

Overview

In the Linux kernel, the ipr_init() function in the SCSI IPR driver fails to call unregister_reboot_notifier() when pci_register_driver() returns an error. This omission can lead to a kernel WARNING because the notifier callback ipr_halt is registered a second time if the module is loaded again or if initialization is retried [1][2]. The WARNING message 'notifier callback ipr_halt [ipr] already registered' is emitted by the kernel's notifier chain code when a notifier_chain_register() detects an already-registered callback [3].

Exploitation

Conditions

Triggering this issue requires a system where the ipr driver module is loaded and pci_register_driver() fails—for example, for example due to hardware not being present or resource exhaustion. The attacker must be able to load the kernel module (requires root privileges or the ability to trigger module loading). A non-malicious scenario is more common: a system administrator attempting to load the module on hardware without supported adapters, or when PCI resources are unavailable.

Impact

The primary impact is a kernel WARNING, which can cause system log spam and might be leveraged to destabilize the system if combined with other bugs. In a worst-case scenario, the double-registered notifier could lead to a panic or crash when the notifier is called during reboot, though the immediate symptom is a WARNING. The CVE does not indicate code execution or privilege escalation, but the WARNING can be disruptive.

Mitigation

The fix was merged into the Linux kernel stable branches, backported to version 6.1 and earlier [4]. The commit adds the missing unregister_reboot_notifier() call in the error path of ipr_init(). Affected users should update their kernel to a version containing the fix or apply the patch manually.