CVE-2022-49400

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.14.0-86.el9.x86 64

Description A vulnerability in the Linux kernel has been resolved. The issue occurs in the raid0 personality of the md driver, where the mddev->private pointer is set to NULL after the pers->free() function is called. This can cause a NULL pointer dereference when the new raid device tries to access the mddev->private pointer, leading to a kernel panic. The panic can occur when the system attempts to dereference the NULL pointer, resulting in an invalid opcode error.

Recommendations For Linux kernel versions prior to 5.14.0-86.el9.x86 64, removing the code that sets mddev->private to NULL in raid0 can fix the problem. This can be achieved by modifying the raid0 free function to avoid setting mddev->private to NULL. As a temporary workaround, consider disabling the raid0 personality until a patch is available. Restrict access to the vulnerable md driver to minimize the risk of exploitation. Avoid using the affected raid0 functionality until the issue is resolved.