CVE-2022-49355 - Vulnerability Details

Description

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Published: 2025-02-26

Score: 5.5 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-54502	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://lore.kernel.org/linux-cve-announce/2025022643-CVE-2022-49355-69f7@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2022-49355
https://www.cve.org/CVERecord?id=CVE-2022-49355

History

Thu, 27 Feb 2025 01:45:00 +0000

Type	Values Removed	Values Added
Title		kernel: xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
References		https://lore.kernel.org/linux-cve-announce/2025022643-CVE-2022-49355-69f7@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2022-49355 https://www.cve.org/CVERecord?id=CVE-2022-49355
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Moderate`

Wed, 26 Feb 2025 11:45:00 +0000

Type	Values Removed	Values Added
Description	In the Linux kernel, the following vulnerability has been resolved: xen: unexport __init-annotated xen_xlate_map_ballooned_pages() EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic. modpost used to detect it, but it has been broken for a decade. Recently, I fixed modpost so it started to warn it again, then this showed up in linux-next builds. There are two ways to fix it: - Remove __init - Remove EXPORT_SYMBOL I chose the latter for this case because none of the in-tree call-sites (arch/arm/xen/enlighten.c, arch/x86/xen/grant-table.c) is compiled as modular.	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Title	xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
References	https://git.kernel.org/stable/c/0ddb4334f4136cd5c84885032894663a4d57928d https://git.kernel.org/stable/c/29a9935a90dd32b89d04e249e0a948cb4949e7af https://git.kernel.org/stable/c/40e6078fcf186b4f452abcbffcb004e28d750395 https://git.kernel.org/stable/c/b43387364d8291190fd4ea1322b65c337802baa2 https://git.kernel.org/stable/c/b49c884146e20314808c9420640b26876ff55c80 https://git.kernel.org/stable/c/be9581f4fda795aa0e18cdc333efc1e447e1a55c https://git.kernel.org/stable/c/c0d076419136a7528abc1831847099400f61d60f https://git.kernel.org/stable/c/dbac14a5a05ff8e1ce7c0da0e1f520ce39ec62ea https://git.kernel.org/stable/c/f319c9b45b351019349cc779ce6721ebc211245c

Wed, 26 Feb 2025 02:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: xen: unexport __init-annotated xen_xlate_map_ballooned_pages() EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic. modpost used to detect it, but it has been broken for a decade. Recently, I fixed modpost so it started to warn it again, then this showed up in linux-next builds. There are two ways to fix it: - Remove __init - Remove EXPORT_SYMBOL I chose the latter for this case because none of the in-tree call-sites (arch/arm/xen/enlighten.c, arch/x86/xen/grant-table.c) is compiled as modular.
Title		xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
References		https://git.kernel.org/stable/c/0ddb4334f4136cd5c84885032894663a4d57928d https://git.kernel.org/stable/c/29a9935a90dd32b89d04e249e0a948cb4949e7af https://git.kernel.org/stable/c/40e6078fcf186b4f452abcbffcb004e28d750395 https://git.kernel.org/stable/c/b43387364d8291190fd4ea1322b65c337802baa2 https://git.kernel.org/stable/c/b49c884146e20314808c9420640b26876ff55c80 https://git.kernel.org/stable/c/be9581f4fda795aa0e18cdc333efc1e447e1a55c https://git.kernel.org/stable/c/c0d076419136a7528abc1831847099400f61d60f https://git.kernel.org/stable/c/dbac14a5a05ff8e1ce7c0da0e1f520ce39ec62ea https://git.kernel.org/stable/c/f319c9b45b351019349cc779ce6721ebc211245c

Subscriptions

No data.

MITRE

Status: REJECTED

Assigner: Linux

Published: 2025-02-26T02:11:05.953Z

Updated: 2025-02-26T11:29:30.958Z

Reserved: 2025-02-26T02:08:31.545Z

Link: CVE-2022-49355

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2025-02-26T07:01:12.200

Modified: 2025-02-26T13:15:34.157

Link: CVE-2022-49355

Redhat

Severity : Moderate

Publid Date: 2025-02-26T00:00:00Z

Links: CVE-2022-49355 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object