CVE-2022-49673 in Linux

Summary

by MITRE • 02/26/2025

In the Linux kernel, the following vulnerability has been resolved:

dm raid: fix KASAN warning in raid5_add_disks

There's a KASAN warning in raid5_add_disk when running the LVM testsuite. The warning happens in the test lvconvert-raid-reshape-linear_to_raid6-single-type.sh. We fix the warning by verifying that rdev->saved_raid_disk is within limits.

Analysis

by VulDB Data Team • 10/24/2025

The vulnerability identified as CVE-2022-49673 represents a kernel-level issue within the Linux Device Mapper RAID subsystem that manifests as a KASAN (Kernel Address Sanitizer) warning during RAID operations. This particular flaw occurs within the dm raid5_add_disks function where improper bounds checking leads to potential memory access violations. The warning specifically emerges during execution of the LVM test suite, particularly in the lvconvert-raid-reshape-linear_to_raid6-single-type.sh test case, indicating that the issue is triggered during logical volume conversion operations involving RAID reshaping from linear to RAID6 configurations. The root cause stems from the absence of validation for the rdev->saved_raid_disk field, which when unchecked can contain invalid values that exceed the expected array limits, creating a potential pathway for memory corruption or unauthorized access patterns.

The technical implementation of this vulnerability involves a classic buffer overflow or out-of-bounds access scenario where the kernel fails to validate input parameters before processing them within the RAID management subsystem. The rdev->saved_raid_disk field represents a critical data structure element that tracks the original RAID disk assignment during reshape operations, and without proper validation, malicious or malformed input can cause the kernel to access memory locations outside the intended bounds. This flaw directly relates to CWE-129, which addresses insufficient validation of length of input buffers, and more specifically to CWE-787, which deals with out-of-bounds write operations. The vulnerability's presence in the KASAN warning system indicates that the kernel's memory safety mechanisms detected the potentially dangerous memory access pattern, though the actual exploitation may require specific conditions to be met during the RAID reshape process.

The operational impact of CVE-2022-49673 extends beyond simple memory corruption, as it can potentially lead to system instability, data integrity issues, and in severe cases, privilege escalation or denial of service conditions within systems relying on LVM and RAID functionality. When triggered during RAID reshape operations, particularly during linear to RAID6 conversions, the vulnerability can cause the kernel to crash or behave unpredictably, potentially corrupting data on affected storage volumes. The attack surface is primarily limited to systems running Linux kernels with Device Mapper RAID support and executing LVM operations that involve RAID reshaping, but given the fundamental nature of kernel memory management, any system utilizing these features could be at risk. The vulnerability aligns with ATT&CK technique T1068, which covers "Exploitation for Privilege Escalation," as memory corruption in kernel space can potentially be leveraged to gain elevated privileges or execute arbitrary code with kernel-level access.

Mitigation strategies for this vulnerability should focus on immediate kernel updates from the vendor, as the fix involves implementing proper bounds checking for the rdev->saved_raid_disk field to ensure values remain within acceptable limits before processing. System administrators should prioritize patching affected kernels, particularly those running LVM configurations with RAID functionality, as the vulnerability specifically targets the dm raid5_add_disks function during reshape operations. Additional monitoring should be implemented to detect potential KASAN warnings or kernel oops messages during RAID operations, as these can serve as early indicators of similar memory corruption issues. Organizations should also review their LVM and RAID configuration practices to minimize exposure during high-risk operations such as reshape conversions, and maintain regular kernel security updates to address similar vulnerabilities that may exist in the broader kernel codebase. The fix implementation should be validated through comprehensive testing of the affected LVM test suite to ensure that the KASAN warning no longer occurs during normal operations.
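The bounds check described above, as an added example: a simplified user-space model, not the kernel patch or the kernel's own code. The struct layout, `MAX_SLOTS`, and the function names are hypothetical; only the idea of validating a remembered slot index such as `saved_raid_disk` against the allowed range before indexing the disk array comes from the advisory.

```c
#include <stddef.h>

/* Hypothetical user-space model; these are not the kernel's definitions. */
#define MAX_SLOTS 8

struct slot { const void *rdev; };      /* NULL means the slot is free */

struct array_conf {
    int raid_disks;                     /* valid indices: 0 .. raid_disks-1 */
    struct slot disks[MAX_SLOTS];
};

/* Pick the slot a returning device should occupy, searching [first, last].
 * The index remembered from before the reshape is honoured only when it
 * lies inside that range, so disks[] is never indexed with a stale value. */
int pick_first_slot(const struct array_conf *conf, int first, int last,
                    int saved_raid_disk)
{
    if (first < 0 || first > last ||
        last >= conf->raid_disks || last >= MAX_SLOTS)
        return -1;                      /* caller passed an invalid range */

    if (saved_raid_disk >= first &&
        saved_raid_disk <= last &&      /* reject values outside the limits */
        conf->disks[saved_raid_disk].rdev == NULL)
        return saved_raid_disk;

    for (int i = first; i <= last; i++) /* fall back to the first free slot */
        if (conf->disks[i].rdev == NULL)
            return i;
    return -1;                          /* no free slot in range */
}

/* Constructed scenario: a 3-slot array with slot 0 occupied, and a device
 * whose remembered index (5) is larger than the array. */
int demo_stale_index(void)
{
    static const int member = 0;        /* stands in for an attached device */
    struct array_conf conf = { .raid_disks = 3 };

    conf.disks[0].rdev = &member;
    return pick_first_slot(&conf, 0, 2, 5);   /* out of range: falls back to 1 */
}
```

Without the range test, the third condition would read `disks[5]` in a 3-slot array, which is the kind of access KASAN reports.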

Responsible

Linux

Reservation

02/26/2025

Disclosure

02/26/2025

Moderation

accepted

CPE

ready

EPSS

0.00268

KEV

no

Activities

very low
