vulnerability
Ubuntu: (CVE-2022-49675): linux vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:N/A:C) | Feb 26, 2025 | Mar 19, 2025 | Oct 27, 2025 |
Description
In the Linux kernel, the following vulnerability has been resolved:
tick/nohz: unexport __init-annotated tick_nohz_full_setup()
EXPORT_SYMBOL and __init is a bad combination because the .init.text
section is freed up after the initialization. Hence, modules cannot
use symbols annotated __init. The access to a freed symbol may end up
with kernel panic.
modpost used to detect it, but it had been broken for a decade.
Commit 28438794aba4 ("modpost: fix section mismatch check for exported
init/exit sections") fixed it so modpost started to warn it again, then
this showed up:
MODPOST vmlinux.symvers
WARNING: modpost: vmlinux.o(___ksymtab_gpl+tick_nohz_full_setup+0x0): Section mismatch in reference from the variable __ksymtab_tick_nohz_full_setup to the function .init.text:tick_nohz_full_setup()
The symbol tick_nohz_full_setup is exported and annotated __init
Fix this by removing the __init annotation of tick_nohz_full_setup or drop the export.
Drop the export because tick_nohz_full_setup() is only called from the
built-in code in kernel/sched/isolation.c.
Solutions
References
- CVE-2022-49675
- https://attackerkb.com/topics/CVE-2022-49675
- CWE-908
- URL-https://git.kernel.org/linus/2390095113e98fc52fffe35c5206d30d9efe3f78
- URL-https://git.kernel.org/stable/c/2390095113e98fc52fffe35c5206d30d9efe3f78
- URL-https://git.kernel.org/stable/c/c4ff3ffe0138234774602152fe67e3a898c615c6
- URL-https://git.kernel.org/stable/c/ea32b27e2f8c58c92bff5ecba7fcf64b97707089
- URL-https://git.kernel.org/stable/c/f4a80ec8c51d68be4b7a7830c510f75080c5e417
- URL-https://www.cve.org/CVERecord?id=CVE-2022-49675
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.