In the Linux kernel, the following vulnerability has been resolved:
net: mdio: unexport _init-annotated mdiobus_init()
EXPORTSYMBOL and _init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic.
modpost used to detect it, but it has been broken for a decade.
Recently, I fixed modpost so it started to warn it again, then this showed up in linux-next builds.
There are two ways to fix it:
I chose the latter for this case because the only in-tree call-site, drivers/net/phy/phydevice.c is never compiled as modular. (CONFIGPHYLIB is boolean)
[
{
"id": "CVE-2022-49350-005e1fa1",
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"182179663386392309972916229327215060274",
"185031626679879823560420409733667666797",
"230554753918417459845946910446726288211",
"116854496581754006848110278173734485572"
],
"threshold": 0.9
},
"target": {
"file": "drivers/net/phy/mdio_bus.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ab64ec2c75683f30ccde9eaaf0761002f901aa12",
"deprecated": false
},
{
"id": "CVE-2022-49350-1bdda8a6",
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"182179663386392309972916229327215060274",
"185031626679879823560420409733667666797",
"230554753918417459845946910446726288211",
"116854496581754006848110278173734485572"
],
"threshold": 0.9
},
"target": {
"file": "drivers/net/phy/mdio_bus.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@5534bcd7c40299862237c4a8fd9c5031b3db1538",
"deprecated": false
},
{
"id": "CVE-2022-49350-27b9faea",
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"182179663386392309972916229327215060274",
"185031626679879823560420409733667666797",
"230554753918417459845946910446726288211",
"116854496581754006848110278173734485572"
],
"threshold": 0.9
},
"target": {
"file": "drivers/net/phy/mdio_bus.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@59fa94cddf9eef8d8dae587373eed8b8f4eb11d7",
"deprecated": false
},
{
"id": "CVE-2022-49350-2b8b2e03",
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"182179663386392309972916229327215060274",
"185031626679879823560420409733667666797",
"230554753918417459845946910446726288211",
"116854496581754006848110278173734485572"
],
"threshold": 0.9
},
"target": {
"file": "drivers/net/phy/mdio_bus.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@35b42dce619701f1300fb8498dae82c9bb1f0263",
"deprecated": false
},
{
"id": "CVE-2022-49350-599c978a",
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"182179663386392309972916229327215060274",
"185031626679879823560420409733667666797",
"230554753918417459845946910446726288211",
"116854496581754006848110278173734485572"
],
"threshold": 0.9
},
"target": {
"file": "drivers/net/phy/mdio_bus.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f2f0f8c18b60ca64ff50892ed899cf1c77864755",
"deprecated": false
},
{
"id": "CVE-2022-49350-d0fdf7cc",
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"182179663386392309972916229327215060274",
"185031626679879823560420409733667666797",
"230554753918417459845946910446726288211",
"116854496581754006848110278173734485572"
],
"threshold": 0.9
},
"target": {
"file": "drivers/net/phy/mdio_bus.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@f5c68137f1191ba3fcf6260ec71b30be2e2bf4c3",
"deprecated": false
},
{
"id": "CVE-2022-49350-e3eba6b4",
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"182179663386392309972916229327215060274",
"185031626679879823560420409733667666797",
"230554753918417459845946910446726288211",
"116854496581754006848110278173734485572"
],
"threshold": 0.9
},
"target": {
"file": "drivers/net/phy/mdio_bus.c"
},
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@6a90a44d53428a3bf01bd80df9ba78b19959270c",
"deprecated": false
}
]