Kernel Vulnerability in Linux Hyper-V Clocksource Implementation
CVE-2022-49726

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 26 February 2025

Summary

A vulnerability exists in the Linux kernel related to the improper use of the EXPORT_SYMBOL and __init annotations in the Hyper-V clocksource implementation. This design flaw allows symbols marked as __init, which are from a section that is released after initialization, to be mistakenly accessed by modules. This could lead to kernel panic if these freed symbols are used. The issue was identified following a revision of modpost tool, which highlighted previously undetected incidents in linux-next builds. To mitigate this vulnerability, the recommended actions include either removing the __init annotation or avoiding the EXPORT_SYMBOL in the affected code.

Affected Version(s)

Linux dd2cb348613b44f9d948b068775e159aad298599

Linux dd2cb348613b44f9d948b068775e159aad298599 < 0414eab7c78f3518143d383e448d44fc573ac6d2

References

https://git.kernel.org/stable/c/cff3a7ce6e81418b6e8bac941...

https://git.kernel.org/stable/c/db965e2757d95f695e6068564...

https://git.kernel.org/stable/c/0414eab7c78f3518143d383e4...

Timeline

Vulnerability published
Feb 26, 2025
Vulnerability Reserved
Feb 26, 2025