5.5

CVE-2022-49345

net: xfrm: unexport __init-annotated xfrm4_protocol_init()

In the Linux kernel, the following vulnerability has been resolved:

net: xfrm: unexport __init-annotated xfrm4_protocol_init()

EXPORT_SYMBOL and __init is a bad combination because the .init.text
section is freed up after the initialization. Hence, modules cannot
use symbols annotated __init. The access to a freed symbol may end up
with kernel panic.

modpost used to detect it, but it has been broken for a decade.

Recently, I fixed modpost so it started to warn it again, then this
showed up in linux-next builds.

There are two ways to fix it:

  - Remove __init
  - Remove EXPORT_SYMBOL

I chose the latter for this case because the only in-tree call-site,
net/ipv4/xfrm4_policy.c is never compiled as modular.
(CONFIG_XFRM is boolean)
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.15 < 4.9.318
LinuxLinux Kernel Version >= 4.10 < 4.14.283
LinuxLinux Kernel Version >= 4.15 < 4.19.247
LinuxLinux Kernel Version >= 4.20 < 5.4.198
LinuxLinux Kernel Version >= 5.5 < 5.10.122
LinuxLinux Kernel Version >= 5.11 < 5.15.47
LinuxLinux Kernel Version >= 5.16 < 5.17.15
LinuxLinux Kernel Version >= 5.18 < 5.18.4
LinuxLinux Kernel Version5.19 Updaterc1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.201
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/2b253fbc9f7b5db18d716436bdcf8ecef09fd63d
Patch
https://git.kernel.org/stable/c/31f3c6a4dcd3260a386e62cef2d5b36e902600a1
Patch
https://git.kernel.org/stable/c/4a388f08d8784af48f352193d2b72aaf167a57a1
Patch
https://git.kernel.org/stable/c/85a055c03691e51499123194a14a0c249cf33227
Patch
https://git.kernel.org/stable/c/be3884d5cd04ccd58294b83a02d70b7c5fca19d3
Patch
https://git.kernel.org/stable/c/c58d82a1264813e69119c13e9804e2e60b664ad5
Patch
https://git.kernel.org/stable/c/e04d59cfe0c0129df7aba7ef7bb17b96be2a64f2
Patch
https://git.kernel.org/stable/c/e53cd3814504b2cadaba4d5a8a07eeea9ddacd03
Patch
https://git.kernel.org/stable/c/ef6d2354de238b065d8799c80da4be9a6af18e39
Patch