Heinz Mauelshagen

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved, related to out-of-bounds memory accesses in the dm-raid table load. The issue occurs when the number of raid metadata and image tuples passed into the target's constructor differs from the current number of members for existing raid sets. This can happen during RAID layout changes, such as adding or removing raid1 legs, changing the number of stripes in raid4/5/6/10, or taking over to a higher raid level. The vulnerability was discovered using KASAN and has been fixed by changing the code prone to out-of-bounds access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.