CVE-2022-49675
26.02.2025, 07:01
In the Linux kernel, the following vulnerability has been resolved:
tick/nohz: unexport __init-annotated tick_nohz_full_setup()
EXPORT_SYMBOL and __init is a bad combination because the .init.text
section is freed up after the initialization. Hence, modules cannot
use symbols annotated __init. The access to a freed symbol may end up
with kernel panic.
modpost used to detect it, but it had been broken for a decade.
Commit 28438794aba4 ("modpost: fix section mismatch check for exported
init/exit sections") fixed it so modpost started to warn it again, then
this showed up:
MODPOST vmlinux.symvers
WARNING: modpost: vmlinux.o(___ksymtab_gpl+tick_nohz_full_setup+0x0): Section mismatch in reference from the variable __ksymtab_tick_nohz_full_setup to the function .init.text:tick_nohz_full_setup()
The symbol tick_nohz_full_setup is exported and annotated __init
Fix this by removing the __init annotation of tick_nohz_full_setup or drop the export.
Drop the export because tick_nohz_full_setup() is only called from the
built-in code in kernel/sched/isolation.c.Enginsight| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 5.5 ≤ 𝑥 < 5.10.128 |
| linux | linux_kernel | 5.11 ≤ 𝑥 < 5.15.52 |
| linux | linux_kernel | 5.16 ≤ 𝑥 < 5.18.9 |
| linux | linux_kernel | 5.19:rc1 |
| linux | linux_kernel | 5.19:rc2 |
| linux | linux_kernel | 5.19:rc3 |
| linux | linux_kernel | 5.19:rc4 |
𝑥
= Vulnerable software versions
Debian Releases
Common Weakness Enumeration