fkie_cve-2022-49350
Vulnerability from fkie_nvd
Published
2025-02-26 07:01
Modified
2025-02-26 07:01
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: net: mdio: unexport __init-annotated mdio_bus_init() EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic. modpost used to detect it, but it has been broken for a decade. Recently, I fixed modpost so it started to warn it again, then this showed up in linux-next builds. There are two ways to fix it: - Remove __init - Remove EXPORT_SYMBOL I chose the latter for this case because the only in-tree call-site, drivers/net/phy/phy_device.c is never compiled as modular. (CONFIG_PHYLIB is boolean)
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/35b42dce619701f1300fb8498dae82c9bb1f0263
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/5534bcd7c40299862237c4a8fd9c5031b3db1538
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/59fa94cddf9eef8d8dae587373eed8b8f4eb11d7
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/6a90a44d53428a3bf01bd80df9ba78b19959270c
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7759c3222815b945a94b212bc0c6cdec475cfec2
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ab64ec2c75683f30ccde9eaaf0761002f901aa12
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f2f0f8c18b60ca64ff50892ed899cf1c77864755
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/f5c68137f1191ba3fcf6260ec71b30be2e2bf4c3
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mdio: unexport __init-annotated mdio_bus_init()\n\nEXPORT_SYMBOL and __init is a bad combination because the .init.text\nsection is freed up after the initialization. Hence, modules cannot\nuse symbols annotated __init. The access to a freed symbol may end up\nwith kernel panic.\n\nmodpost used to detect it, but it has been broken for a decade.\n\nRecently, I fixed modpost so it started to warn it again, then this\nshowed up in linux-next builds.\n\nThere are two ways to fix it:\n\n  - Remove __init\n  - Remove EXPORT_SYMBOL\n\nI chose the latter for this case because the only in-tree call-site,\ndrivers/net/phy/phy_device.c is never compiled as modular.\n(CONFIG_PHYLIB is boolean)"
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: mdio: unexport __init-annotated mdio_bus_init() EXPORT_SYMBOL y __init es una mala combinaci\u00f3n porque la secci\u00f3n .init.text se libera despu\u00e9s de la inicializaci\u00f3n. Por lo tanto, los m\u00f3dulos no pueden usar s\u00edmbolos anotados __init. El acceso a un s\u00edmbolo liberado puede terminar con un p\u00e1nico del kernel. modpost sol\u00eda detectarlo, pero ha estado roto durante una d\u00e9cada. Recientemente, arregl\u00e9 modpost para que comenzara a advertirlo nuevamente, luego apareci\u00f3 en las compilaciones de linux-next. Hay dos formas de solucionarlo: - Eliminar __init - Eliminar EXPORT_SYMBOL Eleg\u00ed la \u00faltima para este caso porque el \u00fanico sitio de llamada en el \u00e1rbol, drivers/net/phy/phy_device.c nunca se compila como modular. (CONFIG_PHYLIB es booleano)"
    }
  ],
  "id": "CVE-2022-49350",
  "lastModified": "2025-02-26T07:01:11.723",
  "metrics": {},
  "published": "2025-02-26T07:01:11.723",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/35b42dce619701f1300fb8498dae82c9bb1f0263"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/5534bcd7c40299862237c4a8fd9c5031b3db1538"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/59fa94cddf9eef8d8dae587373eed8b8f4eb11d7"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/6a90a44d53428a3bf01bd80df9ba78b19959270c"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7759c3222815b945a94b212bc0c6cdec475cfec2"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ab64ec2c75683f30ccde9eaaf0761002f901aa12"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f2f0f8c18b60ca64ff50892ed899cf1c77864755"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/f5c68137f1191ba3fcf6260ec71b30be2e2bf4c3"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.