cve/published/2022/CVE-2022-49350.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2022-49350: net: mdio: unexport __init-annotated mdio_bus_init()

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 net: mdio: unexport __init-annotated mdio_bus_init()

 EXPORT_SYMBOL and __init is a bad combination because the .init.text
 section is freed up after the initialization. Hence, modules cannot
 use symbols annotated __init. The access to a freed symbol may end up
 with kernel panic.

 modpost used to detect it, but it has been broken for a decade.

 Recently, I fixed modpost so it started to warn it again, then this
 showed up in linux-next builds.

 There are two ways to fix it:

   - Remove __init
   - Remove EXPORT_SYMBOL

 I chose the latter for this case because the only in-tree call-site,
 drivers/net/phy/phy_device.c is never compiled as modular.
 (CONFIG_PHYLIB is boolean)

 The Linux kernel CVE team has assigned CVE-2022-49350 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 4.12 with commit 90eff9096c01ba90cdae504a6b95ee87fe2556a3 and fixed in 4.14.283 with commit ab64ec2c75683f30ccde9eaaf0761002f901aa12
 	Issue introduced in 4.12 with commit 90eff9096c01ba90cdae504a6b95ee87fe2556a3 and fixed in 4.19.247 with commit 5534bcd7c40299862237c4a8fd9c5031b3db1538
 	Issue introduced in 4.12 with commit 90eff9096c01ba90cdae504a6b95ee87fe2556a3 and fixed in 5.4.198 with commit 6a90a44d53428a3bf01bd80df9ba78b19959270c
 	Issue introduced in 4.12 with commit 90eff9096c01ba90cdae504a6b95ee87fe2556a3 and fixed in 5.10.122 with commit 7759c3222815b945a94b212bc0c6cdec475cfec2
 	Issue introduced in 4.12 with commit 90eff9096c01ba90cdae504a6b95ee87fe2556a3 and fixed in 5.15.47 with commit 59fa94cddf9eef8d8dae587373eed8b8f4eb11d7
 	Issue introduced in 4.12 with commit 90eff9096c01ba90cdae504a6b95ee87fe2556a3 and fixed in 5.17.15 with commit f5c68137f1191ba3fcf6260ec71b30be2e2bf4c3
 	Issue introduced in 4.12 with commit 90eff9096c01ba90cdae504a6b95ee87fe2556a3 and fixed in 5.18.4 with commit f2f0f8c18b60ca64ff50892ed899cf1c77864755
 	Issue introduced in 4.12 with commit 90eff9096c01ba90cdae504a6b95ee87fe2556a3 and fixed in 5.19 with commit 35b42dce619701f1300fb8498dae82c9bb1f0263

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2022-49350
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/net/phy/mdio_bus.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/ab64ec2c75683f30ccde9eaaf0761002f901aa12
 	https://git.kernel.org/stable/c/5534bcd7c40299862237c4a8fd9c5031b3db1538
 	https://git.kernel.org/stable/c/6a90a44d53428a3bf01bd80df9ba78b19959270c
 	https://git.kernel.org/stable/c/7759c3222815b945a94b212bc0c6cdec475cfec2
 	https://git.kernel.org/stable/c/59fa94cddf9eef8d8dae587373eed8b8f4eb11d7
 	https://git.kernel.org/stable/c/f5c68137f1191ba3fcf6260ec71b30be2e2bf4c3
 	https://git.kernel.org/stable/c/f2f0f8c18b60ca64ff50892ed899cf1c77864755
 	https://git.kernel.org/stable/c/35b42dce619701f1300fb8498dae82c9bb1f0263
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2022-49350: net: mdio: unexport __init-annotated mdio_bus_init()

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	net: mdio: unexport __init-annotated mdio_bus_init()

	EXPORT_SYMBOL and __init is a bad combination because the .init.text
	section is freed up after the initialization. Hence, modules cannot
	use symbols annotated __init. The access to a freed symbol may end up
	with kernel panic.

	modpost used to detect it, but it has been broken for a decade.

	Recently, I fixed modpost so it started to warn it again, then this
	showed up in linux-next builds.

	There are two ways to fix it:

	- Remove __init
	- Remove EXPORT_SYMBOL

	I chose the latter for this case because the only in-tree call-site,
	drivers/net/phy/phy_device.c is never compiled as modular.
	(CONFIG_PHYLIB is boolean)

	The Linux kernel CVE team has assigned CVE-2022-49350 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 4.12 with commit 90eff9096c01ba90cdae504a6b95ee87fe2556a3 and fixed in 4.14.283 with commit ab64ec2c75683f30ccde9eaaf0761002f901aa12
	Issue introduced in 4.12 with commit 90eff9096c01ba90cdae504a6b95ee87fe2556a3 and fixed in 4.19.247 with commit 5534bcd7c40299862237c4a8fd9c5031b3db1538
	Issue introduced in 4.12 with commit 90eff9096c01ba90cdae504a6b95ee87fe2556a3 and fixed in 5.4.198 with commit 6a90a44d53428a3bf01bd80df9ba78b19959270c
	Issue introduced in 4.12 with commit 90eff9096c01ba90cdae504a6b95ee87fe2556a3 and fixed in 5.10.122 with commit 7759c3222815b945a94b212bc0c6cdec475cfec2
	Issue introduced in 4.12 with commit 90eff9096c01ba90cdae504a6b95ee87fe2556a3 and fixed in 5.15.47 with commit 59fa94cddf9eef8d8dae587373eed8b8f4eb11d7
	Issue introduced in 4.12 with commit 90eff9096c01ba90cdae504a6b95ee87fe2556a3 and fixed in 5.17.15 with commit f5c68137f1191ba3fcf6260ec71b30be2e2bf4c3
	Issue introduced in 4.12 with commit 90eff9096c01ba90cdae504a6b95ee87fe2556a3 and fixed in 5.18.4 with commit f2f0f8c18b60ca64ff50892ed899cf1c77864755
	Issue introduced in 4.12 with commit 90eff9096c01ba90cdae504a6b95ee87fe2556a3 and fixed in 5.19 with commit 35b42dce619701f1300fb8498dae82c9bb1f0263

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2022-49350
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/net/phy/mdio_bus.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/ab64ec2c75683f30ccde9eaaf0761002f901aa12
	https://git.kernel.org/stable/c/5534bcd7c40299862237c4a8fd9c5031b3db1538
	https://git.kernel.org/stable/c/6a90a44d53428a3bf01bd80df9ba78b19959270c
	https://git.kernel.org/stable/c/7759c3222815b945a94b212bc0c6cdec475cfec2
	https://git.kernel.org/stable/c/59fa94cddf9eef8d8dae587373eed8b8f4eb11d7
	https://git.kernel.org/stable/c/f5c68137f1191ba3fcf6260ec71b30be2e2bf4c3
	https://git.kernel.org/stable/c/f2f0f8c18b60ca64ff50892ed899cf1c77864755
	https://git.kernel.org/stable/c/35b42dce619701f1300fb8498dae82c9bb1f0263