CVE-2022-49726

In the Linux kernel, the following vulnerability has been resolved: clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic. modpost used to detect it, but it has been broken for a decade. Recently, I fixed modpost so it started to warn it again, then this showed up in linux-next builds. There are two ways to fix it: - Remove __init - Remove EXPORT_SYMBOL I chose the latter for this case because the only in-tree call-site, arch/x86/kernel/cpu/mshyperv.c is never compiled as modular. (CONFIG_HYPERVISOR_GUEST is boolean)

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/0414eab7c78f3518143d383e448d44fc573ac6d2	Patch
https://git.kernel.org/stable/c/245b993d8f6c4e25f19191edfbd8080b645e12b1	Patch
https://git.kernel.org/stable/c/937fcbb55a1e48a6422e87e8f49422c92265f102	Patch
https://git.kernel.org/stable/c/cff3a7ce6e81418b6e8bac941779bbf5d342d626	Patch
https://git.kernel.org/stable/c/db965e2757d95f695e606856418cd84003dd036d	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc1::::::
	cpe:2.3:o:linux:linux_kernel:5.19:rc2::::::

History

No history.

Information

Published : 2025-02-26 07:01

Updated : 2025-10-24 18:52

NVD link : CVE-2022-49726

Mitre link : CVE-2022-49726

CVE.ORG link : CVE-2022-49726

JSON object : View

Products Affected

linux

linux_kernel

CWE

CWE-908

Use of Uninitialized Resource

{"id": "CVE-2022-49726", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-02-26T07:01:48.257", "references": [{"url": "https://git.kernel.org/stable/c/0414eab7c78f3518143d383e448d44fc573ac6d2", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/245b993d8f6c4e25f19191edfbd8080b645e12b1", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/937fcbb55a1e48a6422e87e8f49422c92265f102", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cff3a7ce6e81418b6e8bac941779bbf5d342d626", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/db965e2757d95f695e606856418cd84003dd036d", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-908"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource: hyper-v: unexport __init-annotated hv_init_clocksource()\n\nEXPORT_SYMBOL and __init is a bad combination because the .init.text\nsection is freed up after the initialization. Hence, modules cannot\nuse symbols annotated __init. The access to a freed symbol may end up\nwith kernel panic.\n\nmodpost used to detect it, but it has been broken for a decade.\n\nRecently, I fixed modpost so it started to warn it again, then this\nshowed up in linux-next builds.\n\nThere are two ways to fix it:\n\n - Remove __init\n - Remove EXPORT_SYMBOL\n\nI chose the latter for this case because the only in-tree call-site,\narch/x86/kernel/cpu/mshyperv.c is never compiled as modular.\n(CONFIG_HYPERVISOR_GUEST is boolean)"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() EXPORT_SYMBOL y __init es una mala combinaci\u00f3n porque la secci\u00f3n .init.text se libera despu\u00e9s de la inicializaci\u00f3n. Por lo tanto, los m\u00f3dulos no pueden usar s\u00edmbolos anotados __init. El acceso a un s\u00edmbolo liberado puede terminar con un p\u00e1nico del kernel. modpost sol\u00eda detectarlo, pero ha estado roto durante una d\u00e9cada. Recientemente, arregl\u00e9 modpost para que comenzara a advertirlo nuevamente, luego apareci\u00f3 en las compilaciones de linux-next. Hay dos formas de solucionarlo: - Eliminar __init - Eliminar EXPORT_SYMBOL Eleg\u00ed la \u00faltima para este caso porque el \u00fanico sitio de llamada en el \u00e1rbol, arch/x86/kernel/cpu/mshyperv.c nunca se compila como modular. (CONFIG_HYPERVISOR_GUEST es booleano)"}], "lastModified": "2025-10-24T18:52:35.017", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06C9BEC4-FEF8-4616-9D9C-AA0A09A1938D", "versionEndExcluding": "5.4.200", "versionStartIncluding": "5.3"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6442F2CD-FF1C-4574-9948-138835E635D7", "versionEndExcluding": "5.10.124", "versionStartIncluding": "5.5"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "697D250E-E0A4-41BE-BB54-96385E129206", "versionEndExcluding": "5.15.49", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDD33A19-B51E-4090-A47B-073098916815", "versionEndExcluding": "5.18.6", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8C30C2D-F82D-4D37-AB48-D76ABFBD5377"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF8547FC-C849-4F1B-804B-A93AE2F04A92"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}