CVE-2022-50211
📋 TL;DR
This is a kernel memory corruption vulnerability in the Linux md-raid10 subsystem where improper bounds checking allows reading beyond allocated memory boundaries. It affects Linux systems using RAID10 configurations via the md driver. The vulnerability can lead to system instability or crashes.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash, potential denial of service, or information disclosure through memory leaks.
Likely Case
System instability or crash when performing RAID10 operations, particularly during disk removal or reshape operations.
If Mitigated
Minor performance impact or failed RAID operations without system compromise.
🎯 Exploit Status
Requires local access and ability to perform RAID operations. Triggered during specific RAID10 operations like disk removal.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions with commits 0f4d18cbea4a6e37a05fd8ee2887439f85211110 or later
Vendor Advisory: https://git.kernel.org/stable/c/0f4d18cbea4a6e37a05fd8ee2887439f85211110
Restart Required: Yes
Instructions:
1. Update Linux kernel to patched version from your distribution. 2. For RHEL/CentOS: yum update kernel. 3. For Ubuntu/Debian: apt update && apt upgrade linux-image. 4. Reboot system to load new kernel.
🔧 Temporary Workarounds
Avoid RAID10 operations
linuxTemporarily avoid RAID10 reshape or disk removal operations until patched.
# Monitor RAID operations and avoid: mdadm --grow --raid-devices, mdadm --remove
🧯 If You Can't Patch
- Restrict access to RAID management tools to trusted administrators only
- Monitor system logs for RAID-related errors or crashes
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if RAID10 is in use: cat /proc/mdstat and uname -rCheck Version:
uname -rVerify Fix Applied:
Verify kernel version is updated and no KASAN warnings appear in dmesg during RAID operations📡 Detection & Monitoring
Log Indicators:
- KASAN warnings in kernel logs
- 'slab-out-of-bounds' errors
- RAID10 operation failures
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("KASAN" OR "slab-out-of-bounds" OR "raid10_remove_disk")🔗 References
- https://git.kernel.org/stable/c/0f4d18cbea4a6e37a05fd8ee2887439f85211110
- https://git.kernel.org/stable/c/5f57843565131bb782388f9d993f9ee8f453dee1
- https://git.kernel.org/stable/c/5fd4ffa2372a41361d2bdd27ea5730e4e673240c
- https://git.kernel.org/stable/c/75fbd370a2cec9e92f48285bd90735ed0c837f52
- https://git.kernel.org/stable/c/7a6ccc8fa192fd357c2d5d4c6ce67c834a179e23
- https://git.kernel.org/stable/c/bcbdc26a44aba488d2f7122f2d66801bccb74733
- https://git.kernel.org/stable/c/bf30b9ba09b0ac2a10f04dce2b0835ec4d178aa6
- https://git.kernel.org/stable/c/ce839b9331c11780470f3d727b6fe3c2794a4620
- https://git.kernel.org/stable/c/d17f744e883b2f8d13cca252d71cfe8ace346f7d
