CVE-2022-49675

Summary

In the Linux kernel, the following vulnerability has been resolved:

tick/nohz: unexport __init-annotated tick_nohz_full_setup()

EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic.

modpost used to detect it, but it had been broken for a decade.

Commit 28438794aba4 ("modpost: fix section mismatch check for exported init/exit sections") fixed it so modpost started to warn it again, then this showed up:

MODPOST vmlinux.symvers

WARNING: modpost: vmlinux.o(___ksymtab_gpl+tick_nohz_full_setup+0x0): Section mismatch in reference from the variable __ksymtab_tick_nohz_full_setup to the function .init.text:tick_nohz_full_setup() The symbol tick_nohz_full_setup is exported and annotated __init Fix this by removing the __init annotation of tick_nohz_full_setup or drop the export.

Drop the export because tick_nohz_full_setup() is only called from the built-in code in kernel/sched/isolation.c.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxae9e557b5be2e285f48ee945d9c8faf75d4f6a66 < c4ff3ffe0138234774602152fe67e3a898c615c6affected
LinuxLinuxae9e557b5be2e285f48ee945d9c8faf75d4f6a66 < f4a80ec8c51d68be4b7a7830c510f75080c5e417affected
LinuxLinuxae9e557b5be2e285f48ee945d9c8faf75d4f6a66 < ea32b27e2f8c58c92bff5ecba7fcf64b97707089affected
LinuxLinuxae9e557b5be2e285f48ee945d9c8faf75d4f6a66 < 2390095113e98fc52fffe35c5206d30d9efe3f78affected
LinuxLinux5.5affected
LinuxLinux0 < 5.5unaffected
LinuxLinux5.10.128 <= 5.10.*unaffected
LinuxLinux5.15.52 <= 5.15.*unaffected
LinuxLinux5.18.9 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

References