一、 漏洞 CVE-2022-49350 基础信息
漏洞标题
net: mdio: 不导出 __init 注释的 mdio_bus_init()
来源:AIGC 神龙大模型
漏洞描述信息
在Linux内核中,已解决以下漏洞: net: mdio: 不再导出由__init注解的mdio_bus_init() EXPORT_SYMBOL与__init的组合是不合理的,因为在初始化完成后,.init.text节段会被释放。因此,模块不能使用带有__init注解的符号。访问已被释放的符号可能导致内核恐慌。 modpost过去曾用于检测此类问题,但在过去十年中已失效。 最近,我修复了modpost,使其重新开始对此类问题发出警告,从而在linux-next构建中发现了这个问题。 解决该问题有两种方法: - 移除__init - 移除EXPORT_SYMBOL 在这种情况下,我选择了后者,因为唯一的内核树调用点drivers/net/phy/phy_device.c从未作为模块编译(CONFIG_PHYLIB为布尔值)。
来源:AIGC 神龙大模型
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N
来源:AIGC 神龙大模型
漏洞类别
释放后使用
来源:AIGC 神龙大模型
漏洞标题
net: mdio: unexport __init-annotated mdio_bus_init()
来源:美国国家漏洞数据库 NVD
漏洞描述信息
In the Linux kernel, the following vulnerability has been resolved: net: mdio: unexport __init-annotated mdio_bus_init() EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic. modpost used to detect it, but it has been broken for a decade. Recently, I fixed modpost so it started to warn it again, then this showed up in linux-next builds. There are two ways to fix it: - Remove __init - Remove EXPORT_SYMBOL I chose the latter for this case because the only in-tree call-site, drivers/net/phy/phy_device.c is never compiled as modular. (CONFIG_PHYLIB is boolean)
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
二、漏洞 CVE-2022-49350 的公开POC
# POC 描述 源链接 神龙链接
三、漏洞 CVE-2022-49350 的情报信息

  • 标题: net: mdio: unexport __init-annotated mdio_bus_init() - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    net: mdio: unexport __init-annotated mdio_bus_init() - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: net: mdio: unexport __init-annotated mdio_bus_init() - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    net: mdio: unexport __init-annotated mdio_bus_init() - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: net: mdio: unexport __init-annotated mdio_bus_init() - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    net: mdio: unexport __init-annotated mdio_bus_init() - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: net: mdio: unexport __init-annotated mdio_bus_init() - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    net: mdio: unexport __init-annotated mdio_bus_init() - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: net: mdio: unexport __init-annotated mdio_bus_init() - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    net: mdio: unexport __init-annotated mdio_bus_init() - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: net: mdio: unexport __init-annotated mdio_bus_init() - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    net: mdio: unexport __init-annotated mdio_bus_init() - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: net: mdio: unexport __init-annotated mdio_bus_init() - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    net: mdio: unexport __init-annotated mdio_bus_init() - kernel/git/stable/linux.git - Linux kernel stable tree

  • 标题: net: mdio: unexport __init-annotated mdio_bus_init() - kernel/git/stable/linux.git - Linux kernel stable tree -- 🔗来源链接

    标签:

    net: mdio: unexport __init-annotated mdio_bus_init() - kernel/git/stable/linux.git - Linux kernel stable tree
  • https://nvd.nist.gov/vuln/detail/CVE-2022-49350