CVE-2022-49345

net: xfrm: unexport __init-annotated xfrm4_protocol_init()

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

MITRE
TN

In the Linux kernel, the following vulnerability has been resolved: net: xfrm: unexport __init-annotated xfrm4_protocol_init() EXPORT_SYMBOL and __init is a bad combination because the .init.text
section is freed up after the initialization. Hence, modules cannot
use symbols annotated __init. The access to a freed symbol may end up
with kernel panic. modpost used to detect it, but it has been broken for a decade. Recently, I fixed modpost so it started to warn it again, then this
showed up in linux-next builds. There are two ways to fix it: - Remove __init - Remove EXPORT_SYMBOL I chose the latter for this case because the only in-tree call-site,
net/ipv4/xfrm4_policy.c is never compiled as modular.
(CONFIG_XFRM is boolean)

In the Linux kernel, the following vulnerability has been resolved: net: xfrm: unexport __init-annotated xfrm4_protocol_init() EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic. modpost used to detect it, but it has been broken for a decade. Recently, I fixed modpost so it started to warn it again, then this showed up in linux-next builds. There are two ways to fix it: - Remove __init - Remove EXPORT_SYMBOL I chose the latter for this case because the only in-tree call-site, net/ipv4/xfrm4_policy.c is never compiled as modular. (CONFIG_XFRM is boolean)

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2025-02-26 CVE Reserved
2025-02-26 CVE Published
2025-02-26 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (10)

URL	Tag	Source
https://git.kernel.org/stable/c/2f32b51b609faea1e40bb8c5bd305f1351740936	Vuln. Introduced

URL	Date	SRC

URL	Date	SRC
https://git.kernel.org/stable/c/c58d82a1264813e69119c13e9804e2e60b664ad5	2022-06-14
https://git.kernel.org/stable/c/e53cd3814504b2cadaba4d5a8a07eeea9ddacd03	2022-06-14
https://git.kernel.org/stable/c/31f3c6a4dcd3260a386e62cef2d5b36e902600a1	2022-06-14
https://git.kernel.org/stable/c/ef6d2354de238b065d8799c80da4be9a6af18e39	2022-06-14
https://git.kernel.org/stable/c/be3884d5cd04ccd58294b83a02d70b7c5fca19d3	2022-06-14
https://git.kernel.org/stable/c/85a055c03691e51499123194a14a0c249cf33227	2022-06-14
https://git.kernel.org/stable/c/e04d59cfe0c0129df7aba7ef7bb17b96be2a64f2	2022-06-14
https://git.kernel.org/stable/c/2b253fbc9f7b5db18d716436bdcf8ecef09fd63d	2022-06-14
https://git.kernel.org/stable/c/4a388f08d8784af48f352193d2b72aaf167a57a1	2022-06-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.15 < 4.9.318 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 4.9.318"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.15 < 4.14.283 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 4.14.283"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.15 < 4.19.247 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 4.19.247"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.15 < 5.4.198 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 5.4.198"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.15 < 5.10.122 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 5.10.122"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.15 < 5.15.47 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 5.15.47"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.15 < 5.17.15 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 5.17.15"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.15 < 5.18.4 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 5.18.4"		en		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.15 < 5.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 5.19"		en		Affected