Linux Kernel RAID Device Array Out-of-Bounds Access Vulnerability

Vulnerability

A vulnerability in the Linux kernel's device-mapper RAID implementation allows out-of-bounds memory access in RAID device arrays. The issue arises when the dm-raid table is loaded: the allocation of the device array does not properly account for RAID layout changes, under which the number of members may differ from the current number defined in the superblocks. Such layout changes include modifications to RAID1 legs or adjustments in RAID4/5/6/10 stripe counts. The access beyond the allocated array was identified using the Kernel Address Sanitizer (KASAN). It was fixed by ensuring that the correct number of RAID disks is used in control loops, validating all added devices, and cleaning up the iteration over RAID devices.
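The loop-bound mismatch described above, as an added user-space model that is not dm-raid source and not part of the original advisory. All struct, field and function names are hypothetical, and the model assumes the array is sized from the loaded table while the flawed loop is bounded by the superblock member count.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

struct member { bool present; bool in_sync; };

struct raid_set {                 /* hypothetical model of a RAID set */
    unsigned int table_disks;     /* members in the loaded table; dev[] has this many slots */
    unsigned int sb_disks;        /* member count recorded in the superblocks */
    struct member dev[];          /* flexible array sized by table_disks */
};

struct raid_set *raid_set_alloc(unsigned int table_disks, unsigned int sb_disks)
{
    struct raid_set *rs = calloc(1, sizeof(*rs) + table_disks * sizeof(struct member));
    if (!rs)
        return NULL;
    rs->table_disks = table_disks;
    rs->sb_disks = sb_disks;
    return rs;
}

/* Flawed bound: a loop driven by the superblock count. This only reports how
 * many of its indices lie past dev[]; it never dereferences them. */
unsigned int flawed_bound_oob_count(const struct raid_set *rs)
{
    unsigned int i, oob = 0;
    for (i = 0; i < rs->sb_disks; i++)
        if (i >= rs->table_disks)
            oob++;
    return oob;
}

/* Corrected bound: walk only the allocated slots and skip empty ones. */
unsigned int count_in_sync(const struct raid_set *rs)
{
    unsigned int i, n = 0;
    for (i = 0; i < rs->table_disks; i++)
        if (rs->dev[i].present && rs->dev[i].in_sync)
            n++;
    return n;
}

int main(void)
{
    /* Constructed case: table names 3 members, superblocks still record 5. */
    struct raid_set *rs = raid_set_alloc(3, 5);
    if (!rs)
        return 1;
    printf("indices past the array: %u\n", flawed_bound_oob_count(rs));
    free(rs);
    return 0;
}
```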

Impact

Triggering this vulnerability leads to out-of-bounds memory access, which can potentially be exploited to execute arbitrary code or to cause a denial-of-service condition by crashing the system.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 4.0
remediation: 0.0
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.