Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic. modpost used to detect it, but it has been broken for a decade. Recently, I fixed modpost so it started to warn it again, then this showed up in linux-next builds. There are two ways to fix it: - Remove __init - Remove EXPORT_SYMBOL I chose the latter for this case because the only in-tree call-site, arch/x86/kernel/cpu/mshyperv.c is never compiled as modular. (CONFIG_HYPERVISOR_GUEST is boolean)
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 5.3, < 5.4.200 |
Related Weaknesses (CWE)
References
- https://git.kernel.org/stable/c/0414eab7c78f3518143d383e448d44fc573ac6d2Patch
- https://git.kernel.org/stable/c/245b993d8f6c4e25f19191edfbd8080b645e12b1Patch
- https://git.kernel.org/stable/c/937fcbb55a1e48a6422e87e8f49422c92265f102Patch
- https://git.kernel.org/stable/c/cff3a7ce6e81418b6e8bac941779bbf5d342d626Patch
- https://git.kernel.org/stable/c/db965e2757d95f695e606856418cd84003dd036dPatch
FAQ
What is CVE-2022-49726?
CVE-2022-49726 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In the Linux kernel, the following vulnerability has been resolved: clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() EXPORT_SYMBOL and __init is a bad combination because the .i...
How severe is CVE-2022-49726?
CVE-2022-49726 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-49726?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.