CVE - CVE-2022-49674

CVE-ID
CVE-2022-49674	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load (using raid_ctr), dm-raid allocates an array rs->devs[rs->raid_disks] for the raid device members. rs->raid_disks is defined by the number of raid metadata and image tupples passed into the target's constructor. In the case of RAID layout changes being requested, that number can be different from the current number of members for existing raid sets as defined in their superblocks. Example RAID layout changes include: - raid1 legs being added/removed - raid4/5/6/10 number of stripes changed (stripe reshaping) - takeover to higher raid level (e.g. raid5 -> raid6) When accessing array members, rs->raid_disks must be used in control loops instead of the potentially larger value in rs->md.raid_disks. Otherwise it will cause memory access beyond the end of the rs->devs array. Fix this by changing code that is prone to out-of-bounds access. Also fix validate_raid_redundancy() to validate all devices that are added. Also, use braces to help clean up raid_iterate_devices(). The out-of-bounds memory accesses was discovered using KASAN. This commit was verified to pass all LVM2 RAID tests (with KASAN enabled).
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/332bd0778775d0cf105c4b9e03e460b590749916 URL:https://git.kernel.org/stable/c/332bd0778775d0cf105c4b9e03e460b590749916 MISC:https://git.kernel.org/stable/c/5e161a8826b63c0b8b43e4a7fad1f956780f42ab URL:https://git.kernel.org/stable/c/5e161a8826b63c0b8b43e4a7fad1f956780f42ab MISC:https://git.kernel.org/stable/c/6352b2f4d8e95ec0ae576d7705435d64cfa29503 URL:https://git.kernel.org/stable/c/6352b2f4d8e95ec0ae576d7705435d64cfa29503 MISC:https://git.kernel.org/stable/c/90de15357504c8097ab29769dc6852e16281e9e8 URL:https://git.kernel.org/stable/c/90de15357504c8097ab29769dc6852e16281e9e8 MISC:https://git.kernel.org/stable/c/9bf2b0757b04c78dc5d6e3a198acca98457b32a1 URL:https://git.kernel.org/stable/c/9bf2b0757b04c78dc5d6e3a198acca98457b32a1 MISC:https://git.kernel.org/stable/c/bcff98500ea3b4e7615ec31d2bdd326bc1ef5134 URL:https://git.kernel.org/stable/c/bcff98500ea3b4e7615ec31d2bdd326bc1ef5134 MISC:https://git.kernel.org/stable/c/df1a5ab0dd0775f2ea101c71f2addbc4c0ea0f85 URL:https://git.kernel.org/stable/c/df1a5ab0dd0775f2ea101c71f2addbc4c0ea0f85
Assigning CNA
kernel.org
Date Record Created
20250226	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250226)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)