Linux Kernel dm Raid KASAN Warning Vulnerability in Raid5 Disk Management

Vulnerability

A vulnerability has been identified in the Linux kernel's dm raid component, specifically within the raid5_add_disks function. This issue triggers a KASAN (Kernel Address Sanitizer) warning during the LVM testsuite, particularly in the testlvconvert-raid-reshape-linear_to_raid6-single-type.sh script. The warning arises because the 'saved_raid_disk' value of a certain 'rdev' (raid device) is out of acceptable bounds. The vulnerability has been addressed by adding a verification step to ensure that this value remains within the proper limits.

Impact

Exploitation of this vulnerability could lead to memory safety issues, as indicated by the KASAN warning, which typically signals a potential out-of-bounds access or use-after-free condition.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel dm Raid KASAN Warning Vulnerability in Raid5 Disk Management

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating