CVE-2022-49350
Published: Feb 26, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: net: mdio: unexport __init-annotated mdio_bus_init() EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic. modpost used to detect it, but it has been broken for a decade. Recently, I fixed modpost so it started to warn it again, then this showed up in linux-next builds. There are two ways to fix it: - Remove __init - Remove EXPORT_SYMBOL I chose the latter for this case because the only in-tree call-site, drivers/net/phy/phy_device.c is never compiled as modular. (CONFIG_PHYLIB is boolean)
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 90eff9096c01ba90cdae504a6b95ee87fe2556a3 - < ab64ec2c75683f30ccde9eaaf0761002f901aa12affected 90eff9096c01ba90cdae504a6b95ee87fe2556a3 - < 5534bcd7c40299862237c4a8fd9c5031b3db1538affected 90eff9096c01ba90cdae504a6b95ee87fe2556a3 - < 6a90a44d53428a3bf01bd80df9ba78b19959270caffected 90eff9096c01ba90cdae504a6b95ee87fe2556a3 - < 7759c3222815b945a94b212bc0c6cdec475cfec2affected 90eff9096c01ba90cdae504a6b95ee87fe2556a3 - < 59fa94cddf9eef8d8dae587373eed8b8f4eb11d7+3 more versions |
Linux | Linux | affected 4.12unaffected 0 - < 4.12unaffected 4.14.283 - <= 4.14.*unaffected 4.19.247 - <= 4.19.*unaffected 5.4.198 - <= 5.4.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now