Overview
About vulnerability
In the Linux kernel, the following vulnerability has been resolved:
md: raid1: fix potential OOB in raid1_remove_disk()
If rddev->raid_disk is greater than mddev->raid_disks, there will be an out-of-bounds access in raid1_remove_disk(). We have already found similar reports as follows:
- commit d17f744e883b (“md-raid10: fix KASAN warning”)
- commit 1ebc2cec0b7d (“dm raid: fix KASAN warning in raid5_remove_disk”)
Fix this bug by checking whether the “number” variable is valid.
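The fix described above is an index-validation check: the slot number a caller passes to the remove routine is compared against the array's size before it is used as an index. The following is an added, self-contained C model of that defensive pattern; it is not the kernel's raid1 code, and every name in it (mirror_conf, remove_disk, slot_is_valid, the result codes) is hypothetical. It shows why the check has to be `>=` rather than `>`: an index equal to raid_disks is already one past the last valid slot.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not kernel code): a minimal mirror set whose member table
 * has exactly raid_disks entries, indexed 0..raid_disks-1. */

enum remove_result {
    REMOVED = 0,
    ERR_INVALID_SLOT = -1,  /* index outside the member table */
    ERR_SLOT_EMPTY = -2,    /* no device in that slot */
    ERR_BUSY = -3           /* device still referenced by in-flight I/O */
};

struct member {
    int present;    /* a device occupies this slot */
    int in_sync;    /* device is in sync with the set */
    int nr_pending; /* outstanding I/O referencing the device */
};

struct mirror_conf {
    int raid_disks;         /* number of valid slots */
    struct member *mirrors; /* heap array with exactly raid_disks entries */
};

/* The bounds check from the advisory, isolated so it can be reasoned about
 * on its own: valid slots are 0 <= number < raid_disks. */
int slot_is_valid(int number, int raid_disks)
{
    return number >= 0 && number < raid_disks;
}

struct mirror_conf *conf_new(int raid_disks)
{
    struct mirror_conf *conf = calloc(1, sizeof *conf);
    if (!conf)
        return NULL;
    conf->mirrors = calloc((size_t)raid_disks, sizeof *conf->mirrors);
    if (!conf->mirrors) {
        free(conf);
        return NULL;
    }
    conf->raid_disks = raid_disks;
    for (int i = 0; i < raid_disks; i++)
        conf->mirrors[i].present = 1;   /* constructed: all slots start populated */
    return conf;
}

void conf_free(struct mirror_conf *conf)
{
    if (!conf)
        return;
    free(conf->mirrors);
    free(conf);
}

/* Remove the device in slot 'number'. The index is validated before the
 * table is touched; without that first test, number >= raid_disks would
 * read and write past the end of mirrors[]. */
int remove_disk(struct mirror_conf *conf, int number)
{
    if (!slot_is_valid(number, conf->raid_disks))
        return ERR_INVALID_SLOT;

    struct member *m = &conf->mirrors[number];
    if (!m->present)
        return ERR_SLOT_EMPTY;
    if (m->nr_pending > 0)
        return ERR_BUSY;

    memset(m, 0, sizeof *m);    /* slot is now free */
    return REMOVED;
}

/* Self-check on a constructed 4-disk set; returns 1 when every case behaves
 * as expected. Slot 4 is the off-by-one case the '>=' test catches. */
int demo(void)
{
    struct mirror_conf *conf = conf_new(4);
    if (!conf)
        return 0;
    int r_ok    = remove_disk(conf, 1);
    int r_oob   = remove_disk(conf, 4);   /* == raid_disks: rejected */
    int r_neg   = remove_disk(conf, -1);  /* negative index: rejected */
    int r_empty = remove_disk(conf, 1);   /* already removed */
    conf_free(conf);
    return r_ok == REMOVED && r_oob == ERR_INVALID_SLOT &&
           r_neg == ERR_INVALID_SLOT && r_empty == ERR_SLOT_EMPTY;
}

int main(void)
{
    printf("all cases behaved as expected: %s\n", demo() ? "yes" : "no");
    return demo() ? 0 : 1;
}
```

The check is placed first, before any dereference of the table, so that an invalid index can never reach the `present` or `nr_pending` reads; ordering it after those reads would reintroduce the out-of-bounds access the advisory describes.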
Details
- Affected product: AlmaLinux 9.2 ESU, CentOS 8.4 ELS, CentOS 8.5 ELS, CentOS Stream 8 ELS, TuxCare 9.6 ESU
- Affected packages: kernel @ 4.18.0 (+4 more)