CVE-2022-49726

EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic.

modpost used to detect it, but it has been broken for a decade.

Recently, I fixed modpost so it started to warn it again, then this showed up in linux-next builds.

There are two ways to fix it:

Remove __init
Remove EXPORT_SYMBOL

I chose the latter for this case because the only in-tree call-site, arch/x86/kernel/cpu/mshyperv.c is never compiled as modular. (CONFIGHYPERVISORGUEST is boolean)

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49726.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

dd2cb348613b44f9d948b068775e159aad298599

Fixed

cff3a7ce6e81418b6e8bac941779bbf5d342d626

Fixed

db965e2757d95f695e606856418cd84003dd036d

Fixed

0414eab7c78f3518143d383e448d44fc573ac6d2

Fixed

937fcbb55a1e48a6422e87e8f49422c92265f102

Fixed

245b993d8f6c4e25f19191edfbd8080b645e12b1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49726.json"

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

5.3.0

Fixed

5.4.200

Type: ECOSYSTEM
Events: Introduced

5.5.0

Fixed

5.10.124

Type: ECOSYSTEM
Events: Introduced

5.11.0

Fixed

5.15.49

Type: ECOSYSTEM
Events: Introduced

5.16.0

Fixed

5.18.6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49726.json"