{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2022-50084","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-06-18T10:57:27.410Z","datePublished":"2025-06-18T11:02:25.998Z","dateUpdated":"2026-05-11T19:12:31.288Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T19:12:31.288Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm raid: fix address sanitizer warning in raid_status\n\nThere is this warning when using a kernel with the address sanitizer\nand running this testsuite:\nhttps://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsi_raid\n\n==================================================================\nBUG: KASAN: slab-out-of-bounds in raid_status+0x1747/0x2820 [dm_raid]\nRead of size 4 at addr ffff888079d2c7e8 by task lvcreate/13319\nCPU: 0 PID: 13319 Comm: lvcreate Not tainted 5.18.0-0.rc3.<snip> #1\nHardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\nCall Trace:\n <TASK>\n dump_stack_lvl+0x6a/0x9c\n print_address_description.constprop.0+0x1f/0x1e0\n print_report.cold+0x55/0x244\n kasan_report+0xc9/0x100\n raid_status+0x1747/0x2820 [dm_raid]\n dm_ima_measure_on_table_load+0x4b8/0xca0 [dm_mod]\n table_load+0x35c/0x630 [dm_mod]\n ctl_ioctl+0x411/0x630 [dm_mod]\n dm_ctl_ioctl+0xa/0x10 [dm_mod]\n __x64_sys_ioctl+0x12a/0x1a0\n do_syscall_64+0x5b/0x80\n\nThe warning is caused by reading conf->max_nr_stripes in raid_status. The\ncode in raid_status reads mddev->private, casts it to struct r5conf and\nreads the entry max_nr_stripes.\n\nHowever, if we have different raid type than 4/5/6, mddev->private\ndoesn't point to struct r5conf; it may point to struct r0conf, struct\nr1conf, struct r10conf or struct mpconf. If we cast a pointer to one\nof these structs to struct r5conf, we will be reading invalid memory\nand KASAN warns about it.\n\nFix this bug by reading struct r5conf only if raid type is 4, 5 or 6."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/md/dm-raid.c"],"versions":[{"version":"3a1c1ef2fd62087c3d6521de217ddb9360776658","lessThan":"1ae0ebfb576b72c2ef400917a5484ebe7892d80b","status":"affected","versionType":"git"},{"version":"3a1c1ef2fd62087c3d6521de217ddb9360776658","lessThan":"90b006da40dd42285b24dd3c940d2c32aca9a70b","status":"affected","versionType":"git"},{"version":"3a1c1ef2fd62087c3d6521de217ddb9360776658","lessThan":"b856ce5f4b55f752144baf17e9d5c415072652c5","status":"affected","versionType":"git"},{"version":"3a1c1ef2fd62087c3d6521de217ddb9360776658","lessThan":"cb583ca6125ac64c98e9d65128e95ebb5be7d322","status":"affected","versionType":"git"},{"version":"3a1c1ef2fd62087c3d6521de217ddb9360776658","lessThan":"49dba30638e091120256a9e89125340795f034dc","status":"affected","versionType":"git"},{"version":"3a1c1ef2fd62087c3d6521de217ddb9360776658","lessThan":"4c233811a49578634d10a5e70a9dfa569d451e94","status":"affected","versionType":"git"},{"version":"3a1c1ef2fd62087c3d6521de217ddb9360776658","lessThan":"d8971b595d7adac3421c21f59918241f1574061e","status":"affected","versionType":"git"},{"version":"3a1c1ef2fd62087c3d6521de217ddb9360776658","lessThan":"b4c6c07c92b6cba2bf3cb2dfa722debeaf8a8abe","status":"affected","versionType":"git"},{"version":"3a1c1ef2fd62087c3d6521de217ddb9360776658","lessThan":"1fbeea217d8f297fe0e0956a1516d14ba97d0396","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/md/dm-raid.c"],"versions":[{"version":"4.8","status":"affected"},{"version":"0","lessThan":"4.8","status":"unaffected","versionType":"semver"},{"version":"4.9.326","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.291","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.256","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.211","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.137","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.61","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.18.18","lessThanOrEqual":"5.18.*","status":"unaffected","versionType":"semver"},{"version":"5.19.2","lessThanOrEqual":"5.19.*","status":"unaffected","versionType":"semver"},{"version":"6.0","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"4.9.326"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"4.14.291"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"4.19.256"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.4.211"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.10.137"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.15.61"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.18.18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.19.2"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"6.0"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1ae0ebfb576b72c2ef400917a5484ebe7892d80b"},{"url":"https://git.kernel.org/stable/c/90b006da40dd42285b24dd3c940d2c32aca9a70b"},{"url":"https://git.kernel.org/stable/c/b856ce5f4b55f752144baf17e9d5c415072652c5"},{"url":"https://git.kernel.org/stable/c/cb583ca6125ac64c98e9d65128e95ebb5be7d322"},{"url":"https://git.kernel.org/stable/c/49dba30638e091120256a9e89125340795f034dc"},{"url":"https://git.kernel.org/stable/c/4c233811a49578634d10a5e70a9dfa569d451e94"},{"url":"https://git.kernel.org/stable/c/d8971b595d7adac3421c21f59918241f1574061e"},{"url":"https://git.kernel.org/stable/c/b4c6c07c92b6cba2bf3cb2dfa722debeaf8a8abe"},{"url":"https://git.kernel.org/stable/c/1fbeea217d8f297fe0e0956a1516d14ba97d0396"}],"title":"dm raid: fix address sanitizer warning in raid_status","x_generator":{"engine":"bippy-1.2.0"}}}}