CVE-2022-49726

MEDIUM EPSS 17.2%
Published Feb 26, 20251y ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Feb 26, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic. modpost used to detect it, but it has been broken for a decade. Recently, I fixed modpost so it started to warn it again, then this showed up in linux-next builds. There are two ways to fix it: - Remove __init - Remove EXPORT_SYMBOL I chose the latter for this case because the only in-tree call-site, arch/x86/kernel/cpu/mshyperv.c is never compiled as modular. (CONFIG_HYPERVISOR_GUEST is boolean)

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
17.2% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-908

Affected Products 6

VendorProductVersionRange
linuxlinux_kernel*≥5.3  –  <5.4.200
linuxlinux_kernel*≥5.5  –  <5.10.124
linuxlinux_kernel*≥5.11  –  <5.15.49
linuxlinux_kernel*≥5.16  –  <5.18.6
linuxlinux_kernel5.19any
linuxlinux_kernel5.19any

References 5

  • git.kernel.org https://git.kernel.org/stable/c/0414eab7c78f3518143d383e448d44fc573ac6d2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/245b993d8f6c4e25f19191edfbd8080b645e12b1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/937fcbb55a1e48a6422e87e8f49422c92265f102
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cff3a7ce6e81418b6e8bac941779bbf5d342d626
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/db965e2757d95f695e606856418cd84003dd036d
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0414eab7c78f3518143d383e448d44fc573ac6d2
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/245b993d8f6c4e25f19191edfbd8080b645e12b1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/937fcbb55a1e48a6422e87e8f49422c92265f102
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cff3a7ce6e81418b6e8bac941779bbf5d342d626
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/db965e2757d95f695e606856418cd84003dd036d
    Patch