PT-2025-8279 · Linux+3 · Linux Kernel+3

Stephen Rothwell

Published

2022-06-06

Updated

2025-09-29

CVE-2022-49345

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, related to the xfrm4 protocol init() function, which was annotated with init and exported using EXPORT SYMBOL. This combination is problematic because the .init.text section is freed after initialization, and modules cannot use symbols annotated with init, potentially leading to a kernel panic. The issue was detected after a fix was applied to modpost, a tool that had been broken for a decade.

Recommendations Remove EXPORT SYMBOL from the xfrm4 protocol init() function to prevent the vulnerability, as the only in-tree call site is never compiled as modular.

Exploit

Fix

Improper Initialization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-665

Related Identifiers

ALSA-2025_16880

BDU:2026-03495

CVE-2022-49345

RHSA-2023:2458

RHSA-2023_2458

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1241-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

Affected Products

Astra Linux

Linux Kernel

Red Hat

Suse

PT-2025-8279 · Linux+3 · Linux Kernel+3

CVE-2022-49345

Weakness Enumeration

Related Identifiers

Affected Products

References · 1345