Linux · Mdadm · CVE-2014-5220
**Name of the Vulnerable Software and Affected Versions**
mdadm versions prior to 3.3.1-5.14.1
**Description**
The issue is related to the mdcheck script of the mdadm package, which does not properly sanitize device names. This allows local attackers to execute arbitrary commands as root.
**Recommendations**
For versions prior to 3.3.1-5.14.1, update to version 3.3.1-5.14.1 or later to resolve the issue.