CVE-2022-49987 in Linux

Summary

by MITRE • 06/18/2025

In the Linux kernel, the following vulnerability has been resolved:

md: call __md_stop_writes in md_stop

From the link [1], we can see raid1d was running even after the path
raid_dtr -> md_stop -> __md_stop.

Let's stop write first in destructor to align with normal md-raid to fix the KASAN issue.

[1]. https://lore.kernel.org/linux-raid/CAPhsuW5gc4AakdGNdF8ubpezAuDLFOYUO_sfMZcec6hQFm8nhg@mail.gmail.com/T/#m7f12bf90481c02c6d2da68c64aeed4779b7df74a


Analysis

by VulDB Data Team • 01/16/2026

The vulnerability CVE-2022-49987 addresses a critical issue within the Linux kernel's md (multiple device) subsystem, specifically concerning the management of RAID devices during destruction operations. This flaw manifests in the improper handling of write operations when stopping RAID arrays, creating a potential race condition and memory corruption scenario. The issue occurs when the md_stop function fails to properly sequence the stopping of write operations before the destruction process begins, leading to inconsistent state management within the md-raid subsystem.

The technical root cause stems from the incorrect ordering of operations during RAID array destruction, where the __md_stop_writes function is not called before the md_stop operation completes. This sequence violation allows the raid1d component to continue running even after the path raid_dtr -> md_stop -> __md_stop has been initiated, creating a scenario where write operations may still be active while the underlying data structures are being torn down. The KASAN (Kernel Address Sanitizer) issue that emerges from this improper sequencing demonstrates memory safety violations that can lead to system instability and potential security implications.

The operational impact of this vulnerability extends beyond simple system instability, as it can result in data corruption, system crashes, and potential privilege escalation opportunities within the kernel space. When RAID arrays are destroyed, the improper write stopping sequence creates a window where concurrent write operations might access freed memory or corrupted data structures, leading to unpredictable behavior. This vulnerability particularly affects systems relying heavily on md-raid functionality for storage management and can compromise the integrity of critical storage operations.

The fix implemented addresses this issue by ensuring that __md_stop_writes is called before the md_stop operation proceeds, aligning the destructor behavior with normal md-raid stopping procedures. This change enforces proper ordering of operations and prevents the race condition that allowed raid1d to continue running during destruction. The solution follows established kernel development practices for managing resource cleanup and ensures that all pending write operations are properly terminated before the underlying data structures are released. This remediation aligns with CWE-129, which addresses improper handling of resource cleanup operations, and follows ATT&CK technique T1068, which involves exploiting privilege escalation through kernel vulnerabilities.
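The ordering dependency described above can be shown with a small user-space model. This is an added example, not kernel code and not the upstream patch: the `model_*` functions, both structs and the queued-wakeup mechanism are assumptions made for illustration, and a NULL check stands in for the freed-memory access so the model stays well defined.

```c
#include <stdbool.h>
#include <stdlib.h>

/* User-space model only: names echo the advisory, bodies are assumptions. */
struct conf { int handled; };      /* stands in for per-array private data */

struct array {
    struct conf *conf;             /* released by model_stop_core() */
    int queued_wakeups;            /* work that will still wake the daemon */
    int stale_runs;                /* daemon runs that found conf already freed */
};

/* One pass of the daemon (stands in for raid1d): services queued work. */
static void model_daemon_run(struct array *a)
{
    while (a->queued_wakeups > 0) {
        a->queued_wakeups--;
        if (a->conf == NULL) {     /* model-only guard: count the access  */
            a->stale_runs++;       /* instead of touching freed memory    */
            continue;
        }
        a->conf->handled++;
    }
}

/* Models __md_stop_writes (assumed): drain work while conf is still valid. */
static void model_stop_writes(struct array *a)
{
    model_daemon_run(a);
}

/* Models __md_stop (assumed): free the data the daemon works on. */
static void model_stop_core(struct array *a)
{
    free(a->conf);
    a->conf = NULL;
}

/* Destructor path. Returns the number of daemon runs against freed state. */
int model_md_stop(bool stop_writes_first)
{
    struct array a = { calloc(1, sizeof(struct conf)), 3, 0 };
    if (a.conf == NULL)
        return -1;
    if (stop_writes_first)
        model_stop_writes(&a);     /* fixed ordering */
    model_stop_core(&a);
    model_daemon_run(&a);          /* daemon scheduled after teardown */
    return a.stale_runs;
}
```

With the writes stopped first, the late daemon pass finds nothing queued; without it, every queued wakeup lands on state that has already been released.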

Security implications of this vulnerability extend to potential denial of service scenarios where properly constructed malicious inputs could trigger the race condition, as well as to data integrity concerns where corrupted memory access patterns might lead to information disclosure or manipulation. The fix ensures that the md-raid subsystem properly manages its lifecycle operations, preventing the scenario where storage operations continue while the underlying system state is being modified. This vulnerability highlights the importance of proper resource ordering in kernel space and demonstrates how seemingly minor sequencing issues can lead to significant stability and security concerns in core system components. The implementation of this fix strengthens the overall reliability of Linux storage management systems and prevents potential exploitation of the race condition for malicious purposes.

Responsible

Linux

Reservation

06/18/2025

Disclosure

06/18/2025

Moderation

accepted

CPE

ready

EPSS

0.00205

KEV

no

Activities

very low

Sources
