Primary

Context

Linux Kernel KASAN Warning in md-raid10 Component

Vulnerability

A KASAN (Kernel Address Sanitizer) warning indicating a slab-out-of-bounds error has been identified in the Linux kernel's md-raid10 component. This issue arises in the 'raid10_remove_disk' function when the 'lvmtest lvconvert-raid-reshape.sh' script is executed. The warning is triggered by an invalid memory access, where a read operation attempts to access memory outside the allocated buffer. The vulnerability has been addressed by adding a validation step to ensure that the 'number' value is within an acceptable range.

Impact

Exploitation of this vulnerability could lead to out-of-bounds memory access, potentially causing memory corruption or allowing for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by running the 'lvmtest lvconvert-raid-reshape.sh' script, which triggers the KASAN warning by causing an invalid memory access in the 'raid10_remove_disk' function.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: Jun 18, 2025, 1:32 PM

Updated: Jun 18, 2025, 1:32 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.7

remediation

0.0

relevance

0.2

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.7

remediation

0.0

relevance

0.2

threat

4.8

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel KASAN Warning in md-raid10 Component

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating