| { |
| "containers": { |
| "cna": { |
| "providerMetadata": { |
| "orgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038" |
| }, |
| "descriptions": [ |
| { |
| "lang": "en", |
| "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclocksource: hyper-v: unexport __init-annotated hv_init_clocksource()\n\nEXPORT_SYMBOL and __init is a bad combination because the .init.text\nsection is freed up after the initialization. Hence, modules cannot\nuse symbols annotated __init. The access to a freed symbol may end up\nwith kernel panic.\n\nmodpost used to detect it, but it has been broken for a decade.\n\nRecently, I fixed modpost so it started to warn it again, then this\nshowed up in linux-next builds.\n\nThere are two ways to fix it:\n\n - Remove __init\n - Remove EXPORT_SYMBOL\n\nI chose the latter for this case because the only in-tree call-site,\narch/x86/kernel/cpu/mshyperv.c is never compiled as modular.\n(CONFIG_HYPERVISOR_GUEST is boolean)" |
| } |
| ], |
| "affected": [ |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "unaffected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/clocksource/hyperv_timer.c" |
| ], |
| "versions": [ |
| { |
| "version": "dd2cb348613b44f9d948b068775e159aad298599", |
| "lessThan": "cff3a7ce6e81418b6e8bac941779bbf5d342d626", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "dd2cb348613b44f9d948b068775e159aad298599", |
| "lessThan": "db965e2757d95f695e606856418cd84003dd036d", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "dd2cb348613b44f9d948b068775e159aad298599", |
| "lessThan": "0414eab7c78f3518143d383e448d44fc573ac6d2", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "dd2cb348613b44f9d948b068775e159aad298599", |
| "lessThan": "937fcbb55a1e48a6422e87e8f49422c92265f102", |
| "status": "affected", |
| "versionType": "git" |
| }, |
| { |
| "version": "dd2cb348613b44f9d948b068775e159aad298599", |
| "lessThan": "245b993d8f6c4e25f19191edfbd8080b645e12b1", |
| "status": "affected", |
| "versionType": "git" |
| } |
| ] |
| }, |
| { |
| "product": "Linux", |
| "vendor": "Linux", |
| "defaultStatus": "affected", |
| "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", |
| "programFiles": [ |
| "drivers/clocksource/hyperv_timer.c" |
| ], |
| "versions": [ |
| { |
| "version": "5.3", |
| "status": "affected" |
| }, |
| { |
| "version": "0", |
| "lessThan": "5.3", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.4.200", |
| "lessThanOrEqual": "5.4.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.10.124", |
| "lessThanOrEqual": "5.10.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.15.49", |
| "lessThanOrEqual": "5.15.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.18.6", |
| "lessThanOrEqual": "5.18.*", |
| "status": "unaffected", |
| "versionType": "semver" |
| }, |
| { |
| "version": "5.19", |
| "lessThanOrEqual": "*", |
| "status": "unaffected", |
| "versionType": "original_commit_for_fix" |
| } |
| ] |
| } |
| ], |
| "cpeApplicability": [ |
| { |
| "nodes": [ |
| { |
| "operator": "OR", |
| "negate": false, |
| "cpeMatch": [ |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.3", |
| "versionEndExcluding": "5.4.200" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.3", |
| "versionEndExcluding": "5.10.124" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.3", |
| "versionEndExcluding": "5.15.49" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.3", |
| "versionEndExcluding": "5.18.6" |
| }, |
| { |
| "vulnerable": true, |
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", |
| "versionStartIncluding": "5.3", |
| "versionEndExcluding": "5.19" |
| } |
| ] |
| } |
| ] |
| } |
| ], |
| "references": [ |
| { |
| "url": "https://git.kernel.org/stable/c/cff3a7ce6e81418b6e8bac941779bbf5d342d626" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/db965e2757d95f695e606856418cd84003dd036d" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/0414eab7c78f3518143d383e448d44fc573ac6d2" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/937fcbb55a1e48a6422e87e8f49422c92265f102" |
| }, |
| { |
| "url": "https://git.kernel.org/stable/c/245b993d8f6c4e25f19191edfbd8080b645e12b1" |
| } |
| ], |
| "title": "clocksource: hyper-v: unexport __init-annotated hv_init_clocksource()", |
| "x_generator": { |
| "engine": "bippy-1.2.0" |
| } |
| } |
| }, |
| "cveMetadata": { |
| "assignerOrgId": "f4215fc3-5b6b-47ff-a258-f7189bd81038", |
| "cveID": "CVE-2022-49726", |
| "requesterUserId": "gregkh@kernel.org", |
| "serial": "1", |
| "state": "PUBLISHED" |
| }, |
| "dataType": "CVE_RECORD", |
| "dataVersion": "5.0" |
| } |
