{
  "threat_severity" : "Low",
  "public_date" : "2025-12-24T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: md/raid1: stop mdx_raid1 thread when raid1 array run failed",
    "id" : "2425055",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2425055"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-826",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nmd/raid1: stop mdx_raid1 thread when raid1 array run failed\nfail run raid1 array when we assemble array with the inactive disk only,\nbut the mdx_raid1 thread were not stop, Even if the associated resources\nhave been released. it will caused a NULL dereference when we do poweroff.\nThis causes the following Oops:\n[  287.587787] BUG: kernel NULL pointer dereference, address: 0000000000000070\n[  287.594762] #PF: supervisor read access in kernel mode\n[  287.599912] #PF: error_code(0x0000) - not-present page\n[  287.605061] PGD 0 P4D 0\n[  287.607612] Oops: 0000 [#1] SMP NOPTI\n[  287.611287] CPU: 3 PID: 5265 Comm: md0_raid1 Tainted: G     U            5.10.146 #0\n[  287.619029] Hardware name: xxxxxxx/To be filled by O.E.M, BIOS 5.19 06/16/2022\n[  287.626775] RIP: 0010:md_check_recovery+0x57/0x500 [md_mod]\n[  287.632357] Code: fe 01 00 00 48 83 bb 10 03 00 00 00 74 08 48 89 ......\n[  287.651118] RSP: 0018:ffffc90000433d78 EFLAGS: 00010202\n[  287.656347] RAX: 0000000000000000 RBX: ffff888105986800 RCX: 0000000000000000\n[  287.663491] RDX: ffffc90000433bb0 RSI: 00000000ffffefff RDI: ffff888105986800\n[  287.670634] RBP: ffffc90000433da0 R08: 0000000000000000 R09: c0000000ffffefff\n[  287.677771] R10: 0000000000000001 R11: ffffc90000433ba8 R12: ffff888105986800\n[  287.684907] R13: 0000000000000000 R14: fffffffffffffe00 R15: ffff888100b6b500\n[  287.692052] FS:  0000000000000000(0000) GS:ffff888277f80000(0000) knlGS:0000000000000000\n[  287.700149] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  287.705897] CR2: 0000000000000070 CR3: 000000000320a000 CR4: 0000000000350ee0\n[  287.713033] Call Trace:\n[  287.715498]  raid1d+0x6c/0xbbb [raid1]\n[  287.719256]  ? __schedule+0x1ff/0x760\n[  287.722930]  ? schedule+0x3b/0xb0\n[  287.726260]  ? schedule_timeout+0x1ed/0x290\n[  287.730456]  ? __switch_to+0x11f/0x400\n[  287.734219]  md_thread+0xe9/0x140 [md_mod]\n[  287.738328]  ? md_thread+0xe9/0x140 [md_mod]\n[  287.742601]  ? wait_woken+0x80/0x80\n[  287.746097]  ? md_register_thread+0xe0/0xe0 [md_mod]\n[  287.751064]  kthread+0x11a/0x140\n[  287.754300]  ? kthread_park+0x90/0x90\n[  287.757974]  ret_from_fork+0x1f/0x30\nIn fact, when raid1 array run fail, we need to do\nmd_unregister_thread() before raid1_free()." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-05-16T00:00:00Z",
    "advisory" : "RHSA-2023:2951",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-477.10.1.el8_8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-05-09T00:00:00Z",
    "advisory" : "RHSA-2023:2458",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-284.11.1.el9_2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Fix deferred",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50715\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50715\nhttps://lore.kernel.org/linux-cve-announce/2025122415-CVE-2022-50715-5640@gregkh/T" ],
  "name" : "CVE-2022-50715",
  "csaw" : false
}