CVE-2022-49345: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-49345 affects the Linux kernel's networking subsystem, specifically related to the xfrm4_protocol_init() function. The vulnerability was discovered when a combination of EXPORT_SYMBOL and __init annotations created a potential security issue where the .init.text section is freed after initialization while still being exported as a symbol (Kernel Git).

The vulnerability stems from an improper combination of EXPORT_SYMBOL and __init annotations in the Linux kernel's networking code. The __init-annotated section gets freed after initialization, but the symbol remains exported, which could lead to accessing freed memory. This issue was present in the xfrm4_protocol_init() function in net/ipv4/xfrm4_protocol.c. The vulnerability was identified when modpost warnings were fixed after being broken for approximately a decade (Kernel Git).

If exploited, this vulnerability could result in a kernel panic due to accessing freed memory. The issue affects systems where modules might attempt to use the exported symbol after the initialization phase has completed (Kernel Git).

The issue was resolved by removing the EXPORT_SYMBOL for xfrm4_protocol_init() rather than removing the __init annotation. This solution was chosen because the only in-tree call-site in net/ipv4/xfrm4_policy.c is never compiled as modular since CONFIG_XFRM is a boolean option (Kernel Git).