CVE-2022-49400: Vulnerability in the Linux kernel
Description
In the Linux kernel, the following vulnerability has been resolved:

md: Don't set mddev private to NULL in raid0 pers->free

In normal stop process, it does like this:

do_md_stop
|
__md_stop (pers->free(); mddev->private=NULL)
|
md_free (free mddev)

__md_stop sets mddev->private to NULL after pers->free. The raid device will be stopped and mddev memory is free.

But in reshape, it doesn't free the mddev and mddev will still be used in new raid. In reshape, it first sets mddev->private to new_pers and then runs old_pers->free(). Now raid0 sets mddev->private to NULL in raid0_free. The new raid can't work anymore. It will panic when dereferencing mddev->private because of NULL pointer dereference.

It can panic like this:
[63010.814972] kernel BUG at drivers/md/raid10.c:928!
[63010.819778] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[63010.825011] CPU: 3 PID: 44437 Comm: md0_resync Kdump: loaded Not tainted 5.14.0-86.el9.x86_64 #1
[63010.833789] Hardware name: Dell Inc. PowerEdge R6415/07YXFK, BIOS 1.15.0 09/11/2020
[63010.841440] RIP: 0010:raise_barrier+0x161/0x170 [raid10]
[63010.865508] RSP: 0018:ffffc312408bbc10 EFLAGS: 00010246
[63010.870734] RAX: 0000000000000000 RBX: ffffa00bf7d39800 RCX: 0000000000000000
[63010.877866] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffffa00bf7d39800
[63010.884999] RBP: 0000000000000000 R08: fffffa4945e74400 R09: 0000000000000000
[63010.892132] R10: ffffa00eed02f798 R11: 0000000000000000 R12: ffffa00bbc435200
[63010.899266] R13: ffffa00bf7d39800 R14: 0000000000000400 R15: 0000000000000003
[63010.906399] FS: 0000000000000000(0000) GS:ffffa00eed000000(0000) knlGS:0000000000000000
[63010.914485] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[63010.920229] CR2: 00007f5cfbe99828 CR3: 0000000105efe000 CR4: 00000000003506e0
[63010.927363] Call Trace:
[63010.929822] ? bio_reset+0xe/0x40
[63010.933144] ? raid10_alloc_init_r10buf+0x60/0xa0 [raid10]
[63010.938629] raid10_sync_request+0x756/0x1610 [raid10]
[63010.943770] md_do_sync.cold+0x3e4/0x94c
[63010.947698] md_thread+0xab/0x160
[63010.951024] ? md_write_inc+0x50/0x50
[63010.954688] kthread+0x149/0x170
[63010.957923] ? set_kthread_struct+0x40/0x40
[63010.962107] ret_from_fork+0x22/0x30

Removing the code that sets mddev->private to NULL in raid0 can fix the problem.
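The sequence in the commit message is an ownership problem: in the stop path __md_stop owns the mddev->private pointer and clears it after pers->free() returns, but in the level-change path the new personality's data has already been installed in mddev->private before old_pers->free() runs, so a free callback that also clears the pointer destroys state it does not own. The following user-space model, added here and not taken from the kernel, replays both paths with a buggy raid0_free that clears the pointer (the pre-fix behaviour) and a fixed one that only releases its own data. The struct names mirror the kernel's (mddev, md_personality, raid0_free) but the structures, the raid0_conf/raid10_conf stand-ins and the helper functions are simplified constructions for this example.

```c
/* Added example, not kernel code: a user-space model of the md
 * personality-switch (level change / reshape) sequence described in the
 * advisory, showing why pers->free() must not clear mddev->private.
 * Structures and helpers are simplified stand-ins built for this example. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

struct md_personality;

struct mddev {
    void *private;                        /* state owned by the active personality */
    const struct md_personality *pers;
};

struct md_personality {
    const char *name;
    void (*free)(struct mddev *mddev, void *priv);   /* must release priv only */
};

struct raid0_conf  { int strip_zones; };   /* constructed stand-in */
struct raid10_conf { int copies; };        /* constructed stand-in */

/* Pre-fix behaviour: raid0_free also clears mddev->private. Harmless in the
 * stop path, fatal in a level change where private already holds new data. */
static void raid0_free_buggy(struct mddev *mddev, void *priv)
{
    free(priv);
    mddev->private = NULL;   /* the bug: clobbers the new personality's pointer */
}

/* Fixed behaviour: release the private data; the pointer belongs to __md_stop. */
static void raid0_free_fixed(struct mddev *mddev, void *priv)
{
    (void)mddev;
    free(priv);
}

static void raid10_free(struct mddev *mddev, void *priv)
{
    (void)mddev;
    free(priv);
}

static const struct md_personality raid0_buggy = { "raid0 (buggy)", raid0_free_buggy };
static const struct md_personality raid0_fixed = { "raid0 (fixed)", raid0_free_fixed };
static const struct md_personality raid10_pers = { "raid10",        raid10_free };

/* Normal stop path (do_md_stop -> __md_stop): pers->free() first, then the
 * owner of the pointer clears it, then the mddev itself would be freed. */
static void md_stop(struct mddev *mddev)
{
    mddev->pers->free(mddev, mddev->private);
    mddev->private = NULL;
    mddev->pers = NULL;
}

/* Level change: install the new personality's data first, then free the old
 * personality's data, the order the advisory describes. The mddev lives on.
 * Returns 1 if mddev->private still points at new_priv afterwards. */
static int md_change_level(struct mddev *mddev,
                           const struct md_personality *new_pers, void *new_priv)
{
    const struct md_personality *old_pers = mddev->pers;
    void *old_priv = mddev->private;

    mddev->private = new_priv;
    mddev->pers = new_pers;
    old_pers->free(mddev, old_priv);

    return mddev->private == new_priv;
}

/* Build a raid0 mddev, reshape it to raid10 using the given raid0 free()
 * variant, and report whether the new raid10 state survived (1) or was wiped
 * out by the old pers->free (0), which is where the kernel would dereference NULL. */
static int reshape_survives(const struct md_personality *raid0_variant)
{
    struct mddev mddev;
    struct raid0_conf  *r0  = calloc(1, sizeof *r0);
    struct raid10_conf *r10 = calloc(1, sizeof *r10);
    int ok;

    mddev.pers = raid0_variant;
    mddev.private = r0;
    r0->strip_zones = 1;
    r10->copies = 2;

    ok = md_change_level(&mddev, &raid10_pers, r10);
    if (ok) {
        /* The new personality reads its own state, as raid10_sync_request would. */
        struct raid10_conf *conf = mddev.private;
        ok = (conf->copies == 2);
        md_stop(&mddev);            /* frees r10 via raid10_free */
    } else {
        free(r10);                  /* pointer was wiped; release it ourselves */
    }
    return ok;
}

int main(void)
{
    printf("buggy raid0_free: raid10 state survives reshape? %s\n",
           reshape_survives(&raid0_buggy) ? "yes" : "no");
    printf("fixed raid0_free: raid10 state survives reshape? %s\n",
           reshape_survives(&raid0_fixed) ? "yes" : "no");
    return 0;
}
```

The model makes the contract explicit: a personality's free callback owns only the private data handed to it, never the mddev field that holds it. The same rule is what the upstream fix restores by deleting the assignment in raid0_free.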
AI Analysis
Technical Summary
CVE-2022-49400 is a vulnerability in the Linux kernel's MD (multiple device) software RAID subsystem that affects RAID0 arrays during a reshape (level change) operation. The issue is improper management of the mddev->private pointer across the stop and reshape paths. In the normal stop path the kernel calls do_md_stop, then __md_stop, which invokes the personality's pers->free() callback and only afterwards sets mddev->private to NULL before md_free releases the mddev structure. During a reshape the mddev is not freed: the kernel first points mddev->private at the new personality's data (new_pers in the commit message) and then calls old_pers->free(). The RAID0 implementation of that callback, raid0_free, also set mddev->private to NULL, wiping out the pointer the new personality had just installed. When the new RAID then dereferences mddev->private it hits a NULL pointer and the kernel panics; the panic log in the description shows a kernel BUG at drivers/md/raid10.c:928 in raise_barrier, reached from raid10_sync_request in the md0_resync thread. The root cause is therefore the premature clearing of mddev->private in raid0_free, and the fix removes that assignment so the pointer remains valid throughout the reshape, leaving __md_stop as the sole owner of the pointer. Affected kernel versions are identified in the upstream CVE record by commit hashes, which are not reproduced on this page; the issue is relevant to systems using software RAID0 configurations. No known exploits are reported in the wild, and no CVSS score has been assigned yet.
Potential Impact
For European organizations relying on Linux-based servers with software RAID0 configurations, this vulnerability poses a risk of unexpected system crashes and downtime due to kernel panics triggered during RAID reshape operations. RAID0, while less commonly used for critical data because it offers no redundancy, is still employed for performance-sensitive applications. A kernel panic can lead to loss of availability, potential data corruption if writes are interrupted, and operational disruption. Organizations running critical infrastructure, data centers, or cloud services on affected Linux kernels may experience service outages. The impact is primarily on availability and system stability rather than confidentiality or integrity. Since the vulnerability requires a RAID reshape operation to trigger, the attack surface is limited, but inadvertent or malicious triggering of a reshape could cause a denial of service. European enterprises that rely heavily on Linux servers in finance, telecommunications, manufacturing, or the public sector could face operational risks if unpatched. Additionally, recovery from kernel panics in production environments can be complex and time-consuming, increasing downtime costs.
Mitigation Recommendations
1. Apply the official Linux kernel patches that address CVE-2022-49400 as soon as they become available from trusted sources or Linux distribution vendors.
2. Avoid performing RAID0 reshape operations on production systems until patched, or schedule maintenance windows with backups in place.
3. Implement monitoring to detect kernel panics and RAID reshape events to respond quickly to potential issues.
4. For systems where RAID0 is not essential, consider migrating to RAID levels with redundancy (e.g., RAID1 or RAID10) to reduce risk.
5. Maintain regular backups of data on RAID0 arrays to mitigate data loss risks from unexpected crashes.
6. Test kernel updates in staging environments to verify stability before deployment.
7. Limit access to systems capable of triggering RAID reshape operations to trusted administrators to reduce accidental or malicious triggering.
8. Review and update incident response plans to include procedures for kernel panic recovery and RAID subsystem troubleshooting.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2025-02-26T02:08:31.564Z
- CISA Enriched: false
- CVSS Version: null
- State: PUBLISHED
Threat ID: 682d9820c4522896dcbdd683
Added to database: 5/21/2025, 9:08:48 AM
Last enriched: 6/28/2025, 12:40:35 AM
Last updated: 7/28/2025, 7:26:00 PM