CVE-2022-49726

In the Linux kernel, the following vulnerability has been resolved: clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic. modpost used to detect it, but it has been broken for a decade. Recently, I fixed modpost so it started to warn it again, then this showed up in linux-next builds. There are two ways to fix it: - Remove __init - Remove EXPORT_SYMBOL I chose the latter for this case because the only in-tree call-site, arch/x86/kernel/cpu/mshyperv.c is never compiled as modular. (CONFIG_HYPERVISOR_GUEST is boolean)

The following products are affected by CVE-2022-49726 vulnerability.

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-49726.

URL	Resource
https://git.kernel.org/stable/c/0414eab7c78f3518143d383e448d44fc573ac6d2
https://git.kernel.org/stable/c/245b993d8f6c4e25f19191edfbd8080b645e12b1
https://git.kernel.org/stable/c/937fcbb55a1e48a6422e87e8f49422c92265f102
https://git.kernel.org/stable/c/cff3a7ce6e81418b6e8bac941779bbf5d342d626
https://git.kernel.org/stable/c/db965e2757d95f695e606856418cd84003dd036d
https://lore.kernel.org/linux-cve-announce/2025022633-CVE-2022-49726-582f@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-49726
https://www.cve.org/CVERecord?id=CVE-2022-49726