CVE-2022-49345: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49345 affects the Linux kernel's networking subsystem, specifically related to the xfrm4protocolinit() function. The vulnerability was discovered when a combination of EXPORTSYMBOL and _init annotations created a potential security issue where the .init.text section is freed after initialization while still being exported as a symbol (Kernel Git).

The vulnerability stems from an improper combination of EXPORTSYMBOL and _init annotations in the Linux kernel's networking code. The _init-annotated section gets freed after initialization, but the symbol remains exported, which could lead to accessing freed memory. This issue was present in the xfrm4protocolinit() function in net/ipv4/xfrm4protocol.c. The vulnerability was identified when modpost warnings were fixed after being broken for approximately a decade (Kernel Git).

If exploited, this vulnerability could result in a kernel panic due to accessing freed memory. The issue affects systems where modules might attempt to use the exported symbol after the initialization phase has completed (Kernel Git).

The issue was resolved by removing the EXPORTSYMBOL for xfrm4protocolinit() rather than removing the _init annotation. This solution was chosen because the only in-tree call-site in net/ipv4/xfrm4policy.c is never compiled as modular since CONFIGXFRM is a boolean option (Kernel Git).