CVE-2022-49345
Published: Feb 26, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net: xfrm: unexport __init-annotated xfrm4_protocol_init() EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic. modpost used to detect it, but it has been broken for a decade. Recently, I fixed modpost so it started to warn it again, then this showed up in linux-next builds. There are two ways to fix it: - Remove __init - Remove EXPORT_SYMBOL I chose the latter for this case because the only in-tree call-site, net/ipv4/xfrm4_policy.c is never compiled as modular. (CONFIG_XFRM is boolean)
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 2f32b51b609faea1e40bb8c5bd305f1351740936 - < c58d82a1264813e69119c13e9804e2e60b664ad5affected 2f32b51b609faea1e40bb8c5bd305f1351740936 - < e53cd3814504b2cadaba4d5a8a07eeea9ddacd03affected 2f32b51b609faea1e40bb8c5bd305f1351740936 - < 31f3c6a4dcd3260a386e62cef2d5b36e902600a1affected 2f32b51b609faea1e40bb8c5bd305f1351740936 - < ef6d2354de238b065d8799c80da4be9a6af18e39affected 2f32b51b609faea1e40bb8c5bd305f1351740936 - < be3884d5cd04ccd58294b83a02d70b7c5fca19d3+4 more versions |
Linux | Linux | affected 3.15unaffected 0 - < 3.15unaffected 4.9.318 - <= 4.9.*unaffected 4.14.283 - <= 4.14.*unaffected 4.19.247 - <= 4.19.*+6 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now