CVE-2022-49726

clocksource: hyper-v: unexport __init-annotated hv_init_clocksource()

Description

In the Linux kernel, the following vulnerability has been resolved: clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic. modpost used to detect it, but it has been broken for a decade. Recently, I fixed modpost so it started to warn it again, then this showed up in linux-next builds. There are two ways to fix it: - Remove __init - Remove EXPORT_SYMBOL I chose the latter for this case because the only in-tree call-site, arch/x86/kernel/cpu/mshyperv.c is never compiled as modular. (CONFIG_HYPERVISOR_GUEST is boolean)

N/A
CVSS
Severity:
EPSS 0.03%
Affected: Linux Linux
Affected: Linux Linux
Published at:
Updated at:

References

Link Tags
https://git.kernel.org/stable/c/cff3a7ce6e81418b6e8bac941779bbf5d342d626
https://git.kernel.org/stable/c/db965e2757d95f695e606856418cd84003dd036d
https://git.kernel.org/stable/c/0414eab7c78f3518143d383e448d44fc573ac6d2
https://git.kernel.org/stable/c/937fcbb55a1e48a6422e87e8f49422c92265f102
https://git.kernel.org/stable/c/245b993d8f6c4e25f19191edfbd8080b645e12b1

Frequently Asked Questions

What is the severity of CVE-2022-49726?
CVE-2022-49726 has not yet been assigned a CVSS score.
How to fix CVE-2022-49726?
To fix CVE-2022-49726, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2022-49726 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-49726 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-49726?
CVE-2022-49726 affects Linux Linux, Linux Linux.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.