{ "threat_severity" : "Low", "public_date" : "2025-06-18T00:00:00Z", "bugzilla" : { "description" : "kernel: dm raid: fix address sanitizer warning in raid_status", "id" : "2373667", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2373667" }, "cvss3" : { "cvss3_base_score" : "3.3", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status" : "verified" }, "cwe" : "CWE-843", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\ndm raid: fix address sanitizer warning in raid_status\nThere is this warning when using a kernel with the address sanitizer\nand running this testsuite:\nhttps://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsi_raid\n==================================================================\nBUG: KASAN: slab-out-of-bounds in raid_status+0x1747/0x2820 [dm_raid]\nRead of size 4 at addr ffff888079d2c7e8 by task lvcreate/13319\nCPU: 0 PID: 13319 Comm: lvcreate Not tainted 5.18.0-0.rc3. #1\nHardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\nCall Trace:\n\ndump_stack_lvl+0x6a/0x9c\nprint_address_description.constprop.0+0x1f/0x1e0\nprint_report.cold+0x55/0x244\nkasan_report+0xc9/0x100\nraid_status+0x1747/0x2820 [dm_raid]\ndm_ima_measure_on_table_load+0x4b8/0xca0 [dm_mod]\ntable_load+0x35c/0x630 [dm_mod]\nctl_ioctl+0x411/0x630 [dm_mod]\ndm_ctl_ioctl+0xa/0x10 [dm_mod]\n__x64_sys_ioctl+0x12a/0x1a0\ndo_syscall_64+0x5b/0x80\nThe warning is caused by reading conf->max_nr_stripes in raid_status. The\ncode in raid_status reads mddev->private, casts it to struct r5conf and\nreads the entry max_nr_stripes.\nHowever, if we have different raid type than 4/5/6, mddev->private\ndoesn't point to struct r5conf; it may point to struct r0conf, struct\nr1conf, struct r10conf or struct mpconf. If we cast a pointer to one\nof these structs to struct r5conf, we will be reading invalid memory\nand KASAN warns about it.\nFix this bug by reading struct r5conf only if raid type is 4, 5 or 6." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-11-08T00:00:00Z", "advisory" : "RHSA-2022:7683", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "kernel-0:4.18.0-425.3.1.el8" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-11-15T00:00:00Z", "advisory" : "RHSA-2022:8267", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-162.6.1.el9_1" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-11-15T00:00:00Z", "advisory" : "RHSA-2022:8267", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-162.6.1.el9_1" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50084\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50084\nhttps://lore.kernel.org/linux-cve-announce/2025061858-CVE-2022-50084-6b7c@gregkh/T" ], "name" : "CVE-2022-50084", "csaw" : false }