Re: CVE-2022-49355: xen: unexport __init-annotated xen_xlate_map_ballooned_pages()

From: Juergen Gross
Date: Wed Feb 26 2025 - 02:45:43 EST


On 26.02.25 03:10, Greg Kroah-Hartman wrote:
> Description
> ===========
>
> In the Linux kernel, the following vulnerability has been resolved:
>
> xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
>
> EXPORT_SYMBOL and __init is a bad combination because the .init.text
> section is freed up after the initialization. Hence, modules cannot
> use symbols annotated __init. The access to a freed symbol may end up
> with kernel panic.

Please revoke this CVE. There is no way an unprivileged user could
trigger access to the freed symbol.


Juergen
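
As an added example (not part of the original message and not the kernel's own tooling), here is a source-level heuristic that flags the combination described in the quoted advisory text: a function annotated `__init` that is also passed to `EXPORT_SYMBOL` or `EXPORT_SYMBOL_GPL`. The regexes, helper names and sample source are constructed for illustration.

```python
import re

# Heuristic source-level patterns: assumptions of this example,
# not the logic of any kernel build tool.
INIT_DEF = re.compile(r"\b__init\b[^;{()]*?\b(\w+)\s*\(")
EXPORT = re.compile(r"\bEXPORT_SYMBOL(?:_GPL)?\s*\(\s*(\w+)\s*\)")
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)


def _blank_comments(src):
    # Replace comment text with spaces but keep newlines,
    # so reported line numbers still match the original file.
    return COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)


def exported_init_symbols(src):
    """Return [(symbol, export_line)] for __init functions that are exported."""
    code = _blank_comments(src)
    init_funcs = set(INIT_DEF.findall(code))
    hits = []
    for m in EXPORT.finditer(code):
        if m.group(1) in init_funcs:
            hits.append((m.group(1), code.count("\n", 0, m.start()) + 1))
    return hits


# Constructed sample input; the signatures are simplified placeholders.
SAMPLE = """\
#include <linux/init.h>
#include <linux/module.h>

int __init xen_xlate_map_ballooned_pages(void)
{
    return 0;
}
EXPORT_SYMBOL_GPL(xen_xlate_map_ballooned_pages);

/* EXPORT_SYMBOL(commented_out_init); */
static int __init commented_out_init(void) { return 0; }

int regular_helper(void) { return 0; }
EXPORT_SYMBOL(regular_helper);
"""

if __name__ == "__main__":
    for name, line in exported_init_symbols(SAMPLE):
        print(f"line {line}: {name} is __init but exported")
```

The scan only sees a definition and its export when both are in the same file, and it does not expand macros, so treat a clean result as a hint rather than proof.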
