
CVE-2022-49674: Vulnerability in Linux

High
Published: Wed Feb 26 2025 (02/26/2025, 02:24:06 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

dm raid: fix accesses beyond end of raid member array

On dm-raid table load (using raid_ctr), dm-raid allocates an array rs->devs[rs->raid_disks] for the raid device members. rs->raid_disks is defined by the number of raid metadata and image tuples passed into the target's constructor. In the case of RAID layout changes being requested, that number can be different from the current number of members for existing raid sets as defined in their superblocks.

Example RAID layout changes include:
- raid1 legs being added/removed
- raid4/5/6/10 number of stripes changed (stripe reshaping)
- takeover to higher raid level (e.g. raid5 -> raid6)

When accessing array members, rs->raid_disks must be used in control loops instead of the potentially larger value in rs->md.raid_disks. Otherwise it will cause memory access beyond the end of the rs->devs array.

Fix this by changing code that is prone to out-of-bounds access. Also fix validate_raid_redundancy() to validate all devices that are added. Also, use braces to help clean up raid_iterate_devices().

The out-of-bounds memory accesses were discovered using KASAN. This commit was verified to pass all LVM2 RAID tests (with KASAN enabled).

AI-Powered Analysis

Last updated: 06/30/2025, 00:09:31 UTC

Technical Analysis

CVE-2022-49674 is a vulnerability identified in the Linux kernel's device-mapper RAID (dm-raid) subsystem. The flaw arises from improper bounds checking when accessing the array of RAID member devices (rs->devs). During RAID table loading via raid_ctr, dm-raid allocates this array with rs->raid_disks entries, where rs->raid_disks is derived from the number of RAID metadata and image tuples passed to the constructor. When a RAID layout change is requested (adding or removing RAID1 legs, changing the number of stripes in RAID4/5/6/10, or taking over to a higher RAID level such as RAID5 to RAID6), the member count recorded in the superblocks (rs->md.raid_disks) can differ from rs->raid_disks. The vulnerability stems from control loops that used the potentially larger rs->md.raid_disks as their bound instead of rs->raid_disks, so they read beyond the end of the allocated array. This can cause memory corruption, potentially leading to system instability or exploitation opportunities. The issue was detected using the Kernel Address Sanitizer (KASAN) and fixed by correcting the loop bounds, making validate_raid_redundancy() check every added device, and cleaning up raid_iterate_devices(). The patch was verified against the LVM2 RAID tests with KASAN enabled. No known exploits are currently reported in the wild. The CVE record identifies the affected range by the commit hash 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2, and the flaw likely impacts any Linux distribution running an unpatched kernel with dm-raid enabled and RAID sets that undergo layout changes.
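As an added illustration (not the kernel's code and not part of the CVE record), the following C model shows the two halves of the bug described in the Description and Technical Analysis: a loop bounded by the superblock's member count reads past the devs[] allocation when the table lists fewer members, and skips newly added members when it lists more. The struct and function names are simplified stand-ins; the member counts used are constructed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of the dm-raid bookkeeping described above; these are
 * stand-in types (assumption), not the kernel's struct raid_set. */
struct raid_dev { int present; };
struct raid_set {
    unsigned raid_disks;    /* metadata/image tuples given to the constructor; size of devs[] */
    unsigned md_raid_disks; /* member count from the superblocks; may differ during a layout change */
    struct raid_dev *devs;  /* allocated with exactly raid_disks entries */
};

struct raid_set *raid_set_new(unsigned raid_disks, unsigned md_raid_disks)
{
    struct raid_set *rs = calloc(1, sizeof(*rs));
    rs->raid_disks = raid_disks;
    rs->md_raid_disks = md_raid_disks;
    rs->devs = calloc(raid_disks, sizeof(*rs->devs));
    for (unsigned i = 0; i < raid_disks; i++)
        rs->devs[i].present = 1;
    return rs;
}
void raid_set_free(struct raid_set *rs) { free(rs->devs); free(rs); }

/* Slots a loop bounded by md_raid_disks would read past the end of devs[]
 * (the out-of-bounds access the patch removes); 0 means the loop is in bounds. */
unsigned overrun_slots(const struct raid_set *rs)
{
    return rs->md_raid_disks > rs->raid_disks ? rs->md_raid_disks - rs->raid_disks : 0;
}

/* Added members such a loop would never validate (the validate_raid_redundancy()
 * part of the fix: every device passed to the constructor must be checked). */
unsigned skipped_slots(const struct raid_set *rs)
{
    return rs->raid_disks > rs->md_raid_disks ? rs->raid_disks - rs->md_raid_disks : 0;
}

/* Fixed pattern: loops over devs[] are bounded by raid_disks, the allocation size. */
unsigned count_present(const struct raid_set *rs)
{
    unsigned n = 0;
    for (unsigned i = 0; i < rs->raid_disks; i++)
        n += rs->devs[i].present != 0;
    return n;
}
```

With a constructed table of 3 members against superblocks recording 4, overrun_slots() reports one slot past the allocation; with 4 members against 3, skipped_slots() reports one member the old bound would never validate, while count_present() stays correct in both cases.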

Potential Impact

For European organizations, this vulnerability poses a risk primarily to systems running Linux kernels with vulnerable dm-raid implementations, especially those utilizing RAID configurations that are dynamically altered or reshaped. Potential impacts include memory corruption leading to kernel crashes (denial of service), data integrity issues due to improper RAID device handling, and in worst cases, privilege escalation or arbitrary code execution if an attacker can craft conditions to exploit the out-of-bounds access. Organizations relying on Linux-based servers, storage appliances, or virtualization hosts with RAID managed by device-mapper could face service disruptions or data loss. Given the kernel-level nature of the flaw, exploitation could compromise the confidentiality, integrity, and availability of critical systems. Although no exploits are known currently, the complexity of RAID operations and the kernel context make exploitation non-trivial but feasible in targeted attacks. This is particularly relevant for sectors with high reliance on Linux infrastructure such as finance, telecommunications, cloud providers, and critical infrastructure in Europe.

Mitigation Recommendations

European organizations should prioritize updating their Linux kernels to versions that include the patch for CVE-2022-49674. Specifically, ensure that all systems using dm-raid with dynamic RAID layout changes are patched. Administrators should audit RAID configurations to identify any that perform reshaping or level changes and monitor logs for unusual kernel errors or crashes related to device-mapper RAID. Employ kernel hardening and runtime protections such as KASAN in testing environments to detect similar issues proactively. Additionally, restrict access to systems with RAID management capabilities to trusted administrators to reduce the risk of malicious manipulation of RAID layouts. Backup critical data regularly and verify RAID integrity post-maintenance operations. For environments where immediate patching is not feasible, consider disabling dynamic RAID reshaping features or migrating to alternative RAID management solutions until patched. Finally, maintain vigilance for any emerging exploit reports or vendor advisories related to this vulnerability.


Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:21:30.438Z
CISA Enriched: false
CVSS Version: null
State: PUBLISHED

Threat ID: 682d982cc4522896dcbe47db

Added to database: 5/21/2025, 9:09:00 AM

Last enriched: 6/30/2025, 12:09:31 AM

Last updated: 8/15/2025, 10:08:58 AM
