CVE-2022-49726
Linux Kernel vulnerability analysis and mitigation

Overview

CVE-2022-49726 affects the Linux kernel's Hyper-V clocksource functionality. The vulnerability was discovered when a combination of EXPORT_SYMBOL and __init annotations in the hv_init_clocksource() function created a potential security issue. The issue arises because the .init.text section is freed up after initialization, making it impossible for modules to safely use symbols annotated with __init. This vulnerability was identified and reported in February 2025 (NVD).

Technical details

The vulnerability stems from an improper combination of EXPORT_SYMBOL and __init annotations in the Linux kernel's Hyper-V clocksource implementation. The technical issue occurs because the .init.text section gets freed after initialization, while the symbol remains exported. This could lead to accessing freed memory when the exported symbol is used by modules, potentially resulting in a kernel panic. The issue was discovered when modpost, which had been broken for a decade, was fixed and began warning about this problematic combination (Kernel Commit).

Impact

If exploited, this vulnerability could lead to a kernel panic when modules attempt to access the freed symbol. This could result in system instability and potential denial of service conditions. The impact is somewhat limited since the only in-tree call-site (arch/x86/kernel/cpu/mshyperv.c) is never compiled as modular due to CONFIG_HYPERVISOR_GUEST being boolean (Kernel Commit).

Mitigation and workarounds

The issue was resolved by removing the EXPORT_SYMBOL annotation rather than removing the __init annotation. This fix was chosen because the only in-tree call-site is never compiled as modular. The patch has been merged into the Linux kernel, providing a complete fix for the vulnerability (Kernel Commit).
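A source-level check for the same EXPORT_SYMBOL plus __init combination, for auditing out-of-tree driver code. This is an added example, not code from the kernel or from modpost (which inspects object-file sections rather than source text); the BEFORE and AFTER snippets are constructed samples with elided bodies, and demo_setup and demo_read are hypothetical names.

```python
import re

# Block and line comments, removed first so commented-out code is ignored.
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
# "__init" followed (before any ; { } or parenthesis) by "name(".
INIT_DEF = re.compile(r"\b__init\b[^;{}()]*?\b(\w+)\s*\(")
# EXPORT_SYMBOL(name) and its suffixed variants such as EXPORT_SYMBOL_GPL(name).
EXPORT = re.compile(r"\bEXPORT_SYMBOL\w*\s*\(\s*(\w+)")

def find_init_exports(source):
    """Return sorted names that are both __init-annotated and exported."""
    text = COMMENT.sub("", source)
    init_names = set(INIT_DEF.findall(text))
    exported = set(EXPORT.findall(text))
    return sorted(init_names & exported)

# Constructed sample: the pattern described above (function bodies elided).
BEFORE = """
void __init hv_init_clocksource(void)
{
    /* body elided */
}
EXPORT_SYMBOL(hv_init_clocksource);

static int __init demo_setup(void) { return 0; }   /* __init, not exported */
int demo_read(void) { return 0; }                  /* exported, not __init */
EXPORT_SYMBOL_GPL(demo_read);
"""

# Constructed sample: the export is dropped and __init is kept, as in the fix.
AFTER = BEFORE.replace("EXPORT_SYMBOL(hv_init_clocksource);\n", "")

if __name__ == "__main__":
    for label, src in (("before", BEFORE), ("after", AFTER)):
        hits = find_init_exports(src)
        print(label, "->", hits if hits else "no __init symbols exported")
```

The check is per file and text-based, so an export placed in a different file from the definition, or hidden behind a macro, is only caught by a modpost-style section check at build time.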

This report was generated using AI
