Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
- >= 5.18.0-0.rc3, < 5.18.0-0.rc4
A vulnerability has been identified in the Linux kernel's dm raid component that causes a slab-out-of-bounds error. The issue arises when the kernel is compiled with the address sanitizer enabled and the dm raid status function is called. The raid_status function incorrectly assumes that the private data of the mddev structure always points to an r5conf structure, which is only true for certain RAID types. For other RAID types the function may read invalid memory, triggering a warning from the address sanitizer.
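The type assumption described above, as a user-space C model added here for illustration; it is not kernel code and not the upstream fix. The struct layouts, the _model names and the helper functions are assumptions; only mddev, its private data and r5conf come from the description.

```c
#include <stdio.h>
#include <stddef.h>

/* User-space model. Struct layouts are simplified assumptions, not the kernel's. */
struct r1conf_model { int raid_disks; };   /* private data of a non-RAID4/5/6 type */
struct r5conf_model { int raid_disks; char pad[256]; int max_nr_stripes; };

struct mddev_model {
    int level;      /* RAID level of the array */
    void *private;  /* personality-specific data; its real type depends on level */
};

static int is_raid456(const struct mddev_model *m)
{
    return m->level == 4 || m->level == 5 || m->level == 6;
}

/* Pattern from the description: private is always treated as r5conf.
 * With a level-1 array the field read lies past the end of r1conf_model. */
int stripes_unchecked(const struct mddev_model *m)
{
    const struct r5conf_model *conf = m->private;
    return conf ? conf->max_nr_stripes : 0;
}

/* Checked form: interpret private as r5conf only when the level says it is one. */
int stripes_checked(const struct mddev_model *m)
{
    const struct r5conf_model *conf = is_raid456(m) ? m->private : NULL;
    return conf ? conf->max_nr_stripes : 0;
}

/* Constructed sample arrays. */
static struct r1conf_model r1 = { .raid_disks = 2 };
static struct r5conf_model r5 = { .raid_disks = 3, .max_nr_stripes = 256 };

int checked_for_level1(void) { struct mddev_model m = { 1, &r1 }; return stripes_checked(&m); }
int checked_for_level5(void) { struct mddev_model m = { 5, &r5 }; return stripes_checked(&m); }

int main(void)
{
    printf("field offset %zu, level-1 object size %zu\n",
           offsetof(struct r5conf_model, max_nr_stripes), sizeof(struct r1conf_model));
    printf("level 1 -> %d, level 5 -> %d\n", checked_for_level1(), checked_for_level5());
    return 0;
}
```

The unchecked function is only safe on the level-5 sample; building with -fsanitize=address and passing it the level-1 sample reproduces the class of report the description mentions, in user space.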
Exploitation of this vulnerability leads to a slab-out-of-bounds memory access, which could potentially cause a denial-of-service condition or manipulate memory in a way that allows arbitrary code execution.
To reproduce this vulnerability, use a Linux kernel version that is affected by this issue, such as 5.18.0-0.rc3. Compile the kernel with the address sanitizer enabled. Then, run the kernel with the address sanitizer active and execute the dm raid status command. This will trigger the vulnerability, causing the address sanitizer to report a slab-out-of-bounds error.