PT-2025-8607 · Linux+2 · Linux Kernel+2

Heinz Mauelshagen

Published

2022-06-27

Updated

2025-04-18

CVE-2022-49674

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, related to out-of-bounds memory accesses in the dm-raid table load. The issue occurs when the number of raid metadata and image tuples passed into the target's constructor differs from the current number of members for existing raid sets. This can happen during RAID layout changes, such as adding or removing raid1 legs, changing the number of stripes in raid4/5/6/10, or taking over to a higher raid level. The vulnerability was discovered using KASAN and has been fixed by changing the code prone to out-of-bounds access.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2026-02253

CVE-2022-49674

OESA-2025-1432

OPENSUSE-SU-2025_1263-1

RHSA-2022:7683

RHSA-2026:6953

RHSA-2026:6961

RHSA-2026:7003

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1194-1

SUSE-SU-2025:1241-1

SUSE-SU-2025:1263-1

SUSE-SU-2025:1293-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

SUSE-SU-2025_1263-1

SUSE-SU-2025_1293-1

Affected Products

Astra Linux

Linux Kernel

Suse

PT-2025-8607 · Linux+2 · Linux Kernel+2

CVE-2022-49674

Weakness Enumeration

Related Identifiers

Affected Products

References · 1517