{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T18:50:49.480","vulnerabilities":[{"cve":{"id":"CVE-2022-49674","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-02-26T07:01:42.320","lastModified":"2025-10-24T15:51:49.833","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ndm raid: fix accesses beyond end of raid member array\n\nOn dm-raid table load (using raid_ctr), dm-raid allocates an array\nrs->devs[rs->raid_disks] for the raid device members. rs->raid_disks\nis defined by the number of raid metadata and image tuples passed\ninto the target's constructor.\n\nIn the case of RAID layout changes being requested, that number can be\ndifferent from the current number of members for existing raid sets as\ndefined in their superblocks. Example RAID layout changes include:\n- raid1 legs being added/removed\n- raid4/5/6/10 number of stripes changed (stripe reshaping)\n- takeover to higher raid level (e.g. raid5 -> raid6)\n\nWhen accessing array members, rs->raid_disks must be used in control\nloops instead of the potentially larger value in rs->md.raid_disks.\nOtherwise it will cause memory access beyond the end of the rs->devs\narray.\n\nFix this by changing code that is prone to out-of-bounds access.\nAlso fix validate_raid_redundancy() to validate all devices that are\nadded. Also, use braces to help clean up raid_iterate_devices().\n\nThe out-of-bounds memory accesses were discovered using KASAN.\n\nThis commit was verified to pass all LVM2 RAID tests (with KASAN\nenabled)."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm raid: se corrigen los accesos más allá del final de la matriz de miembros raid Al cargar la tabla dm-raid (usando raid_ctr), dm-raid asigna una matriz rs->devs[rs->raid_disks] para los miembros del dispositivo raid. 
rs->raid_disks se define por la cantidad de metadatos raid y tuplas de imágenes pasadas al constructor del objetivo. En el caso de que se soliciten cambios en el diseño RAID, ese número puede ser diferente del número actual de miembros para los conjuntos raid existentes según lo definido en sus superbloques. Los ejemplos de cambios en el diseño RAID incluyen: - patas raid1 que se agregan/eliminan - número de franjas raid4/5/6/10 cambiado (remodelación de franjas) - toma de control a un nivel raid más alto (por ejemplo, raid5 -> raid6) Al acceder a los miembros de la matriz, se debe usar rs->raid_disks en bucles de control en lugar del valor potencialmente más grande en rs->md.raid_disks. De lo contrario, se producirá un acceso a la memoria más allá del final de la matriz rs->devs. Solucione esto modificando el código que es propenso a accesos fuera de los límites. También corrija validate_raid_redundancy() para validar todos los dispositivos que se agregan. Además, use llaves para ayudar a limpiar raid_iterate_devices(). Los accesos a la memoria fuera de los límites se descubrieron utilizando KASAN. 
Se verificó que esta confirmación pasara todas las pruebas RAID LVM2 (con KASAN habilitado)."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"4.14.287","matchCriteriaId":"CBFBBF7F-3A45-4578-828E-639EFFEA2165"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"4.19.251","matchCriteriaId":"83E1438F-F12B-4581-9EF4-B104DAEFFD41"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.204","matchCriteriaId":"73056417-5BD5-453F-8EEC-2D5C48185372"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.129","matchCriteriaId":"DAAE3E52-3C60-40CA-A245-AE5660F45CD8"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.53","matchCriteriaId":"70DCF327-F4B6-4CDB-8C9E-98E909E60127"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"5.18.10","matchCriteriaId":"8261A22B-B156-4045-AE8E-AA9E95E7930C"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.19:rc1:*:*:*:*:*:*","matchCriteriaId":"A8C30C2D-F82D-4D
37-AB48-D76ABFBD5377"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.19:rc2:*:*:*:*:*:*","matchCriteriaId":"BF8547FC-C849-4F1B-804B-A93AE2F04A92"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.19:rc3:*:*:*:*:*:*","matchCriteriaId":"F3068028-F453-4A1C-B80F-3F5609ACEF60"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:5.19:rc4:*:*:*:*:*:*","matchCriteriaId":"2E9C0DB0-D349-489F-A3D6-B77214E93A8A"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/332bd0778775d0cf105c4b9e03e460b590749916","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/5e161a8826b63c0b8b43e4a7fad1f956780f42ab","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/6352b2f4d8e95ec0ae576d7705435d64cfa29503","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/90de15357504c8097ab29769dc6852e16281e9e8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/9bf2b0757b04c78dc5d6e3a198acca98457b32a1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bcff98500ea3b4e7615ec31d2bdd326bc1ef5134","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/df1a5ab0dd0775f2ea101c71f2addbc4c0ea0f85","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}