CVE-2022-49726

Summary

In the Linux kernel, the following vulnerability has been resolved:

clocksource: hyper-v: unexport __init-annotated hv_init_clocksource()

EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic.

modpost used to detect it, but it has been broken for a decade.

Recently, I fixed modpost so it started to warn it again, then this showed up in linux-next builds.

There are two ways to fix it:

  • Remove __init
  • Remove EXPORT_SYMBOL

I chose the latter for this case because the only in-tree call-site, arch/x86/kernel/cpu/mshyperv.c is never compiled as modular. (CONFIG_HYPERVISOR_GUEST is boolean)

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxdd2cb348613b44f9d948b068775e159aad298599 < cff3a7ce6e81418b6e8bac941779bbf5d342d626affected
LinuxLinuxdd2cb348613b44f9d948b068775e159aad298599 < db965e2757d95f695e606856418cd84003dd036daffected
LinuxLinuxdd2cb348613b44f9d948b068775e159aad298599 < 0414eab7c78f3518143d383e448d44fc573ac6d2affected
LinuxLinuxdd2cb348613b44f9d948b068775e159aad298599 < 937fcbb55a1e48a6422e87e8f49422c92265f102affected
LinuxLinuxdd2cb348613b44f9d948b068775e159aad298599 < 245b993d8f6c4e25f19191edfbd8080b645e12b1affected
LinuxLinux5.3affected
LinuxLinux0 < 5.3unaffected
LinuxLinux5.4.200 <= 5.4.*unaffected
LinuxLinux5.10.124 <= 5.10.*unaffected
LinuxLinux5.15.49 <= 5.15.*unaffected
LinuxLinux5.18.6 <= 5.18.*unaffected
LinuxLinux5.19 <= *unaffected

Weaknesses

References