Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*, +4 more
A potential out-of-bounds write vulnerability has been identified in the Linux kernel's RAID1 implementation. The issue arises in the 'raid1_remove_disk' function, where the 'raid_disk' value of a device can exceed the total number of disks in the RAID array. This discrepancy can lead to memory corruption by writing outside the intended buffer boundaries. The vulnerability affects several versions of the Linux kernel.
Exploitation of this vulnerability could lead to memory corruption, potentially allowing for arbitrary code execution or causing a system crash.
The vulnerability can be reproduced by creating a software RAID1 array and then attempting to remove a disk from the array. If the 'raid_disk' value of the disk being removed is greater than the total number of disks in the array, the 'raid1_remove_disk' function will write outside the bounds of the allocated memory, causing a buffer overflow.
Users can upgrade to the latest version of the Linux kernel, where this vulnerability has been addressed. Instructions for upgrading the Linux kernel can be found in the official Linux documentation.
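The missing range check described above, shown as an added user-space model in C. This is not the kernel's raid1 code or the upstream patch, and every struct and function name in it is hypothetical. It assumes the slot buffer holds exactly `raid_disks` entries and also rejects negative indexes, which goes slightly beyond the case the text describes.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified user-space model. All names are hypothetical; this is not
 * the kernel's raid1 code, only the shape of the indexing problem. */
struct model_rdev   { int raid_disk; };            /* slot the device claims */
struct model_mirror { struct model_rdev *rdev; };  /* one slot of the array */
struct model_conf {
    int raid_disks;                /* number of valid slots */
    struct model_mirror *mirrors;  /* heap buffer of raid_disks entries */
};

/* Allocate a model array with n empty slots; NULL on failure. */
struct model_conf *model_conf_new(int n)
{
    struct model_conf *conf = n > 0 ? malloc(sizeof(*conf)) : NULL;
    if (!conf) return NULL;
    conf->mirrors = calloc((size_t)n, sizeof(*conf->mirrors));
    if (!conf->mirrors) { free(conf); return NULL; }
    conf->raid_disks = n;
    return conf;
}

void model_conf_free(struct model_conf *conf) { if (conf) { free(conf->mirrors); free(conf); } }

/* Remove a device from its slot. The range check is the hardening step:
 * without it, mirrors[number] below is a write outside the buffer
 * whenever raid_disk is not a valid slot index. */
int model_remove_disk(struct model_conf *conf, struct model_rdev *rdev)
{
    int number = rdev->raid_disk;
    if (number < 0 || number >= conf->raid_disks)
        return -EINVAL;                 /* reject before forming the pointer */
    if (conf->mirrors[number].rdev != rdev)
        return -ENOENT;                 /* slot does not hold this device */
    conf->mirrors[number].rdev = NULL;  /* in-bounds write */
    return 0;
}

int main(void)
{
    struct model_conf *conf = model_conf_new(2);
    struct model_rdev bad = { .raid_disk = 5 };  /* constructed sample value */
    if (!conf) return 1;
    printf("remove raid_disk=5 from 2-slot array: %d\n", model_remove_disk(conf, &bad));
    model_conf_free(conf);
    return 0;
}
```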