Detections
Analytics

CVE-2022-49726

medium

Description

In the Linux kernel, the following vulnerability has been resolved: clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic. modpost used to detect it, but it has been broken for a decade. Recently, I fixed modpost so it started to warn it again, then this showed up in linux-next builds. There are two ways to fix it: - Remove __init - Remove EXPORT_SYMBOL I chose the latter for this case because the only in-tree call-site, arch/x86/kernel/cpu/mshyperv.c is never compiled as modular. (CONFIG_HYPERVISOR_GUEST is boolean)

References

https://git.kernel.org/stable/c/db965e2757d95f695e606856418cd84003dd036d

https://git.kernel.org/stable/c/cff3a7ce6e81418b6e8bac941779bbf5d342d626

https://git.kernel.org/stable/c/937fcbb55a1e48a6422e87e8f49422c92265f102

https://git.kernel.org/stable/c/245b993d8f6c4e25f19191edfbd8080b645e12b1

https://git.kernel.org/stable/c/0414eab7c78f3518143d383e448d44fc573ac6d2

Details

Source: Mitre, NVD

Published: 2025-02-26

Updated: 2025-02-26

Risk Information

CVSS v2

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium