CVE-2022-50084 Affecting kernel-debug-modules-internal package, versions *
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-CENTOS8-KERNELDEBUGMODULESINTERNAL-10413608
- published19 Jun 2025
- disclosed18 Jun 2025
Introduced: 18 Jun 2025
NewCVE-2022-50084 (opens in a new tab)How to fix?
There is no fixed version for Centos:8 kernel-debug-modules-internal.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-debug-modules-internal package and not the kernel-debug-modules-internal package as distributed by Centos.
See How to fix? for Centos:8 relevant fixed versions and status.
In the Linux kernel, the following vulnerability has been resolved:
dm raid: fix address sanitizer warning in raid_status
There is this warning when using a kernel with the address sanitizer and running this testsuite: https://gitlab.com/cki-project/kernel-tests/-/tree/main/storage/swraid/scsi_raid
================================================================== BUG: KASAN: slab-out-of-bounds in raid_status+0x1747/0x2820 [dm_raid] Read of size 4 at addr ffff888079d2c7e8 by task lvcreate/13319 CPU: 0 PID: 13319 Comm: lvcreate Not tainted 5.18.0-0.rc3.<snip> #1 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 Call Trace: <TASK> dump_stack_lvl+0x6a/0x9c print_address_description.constprop.0+0x1f/0x1e0 print_report.cold+0x55/0x244 kasan_report+0xc9/0x100 raid_status+0x1747/0x2820 [dm_raid] dm_ima_measure_on_table_load+0x4b8/0xca0 [dm_mod] table_load+0x35c/0x630 [dm_mod] ctl_ioctl+0x411/0x630 [dm_mod] dm_ctl_ioctl+0xa/0x10 [dm_mod] __x64_sys_ioctl+0x12a/0x1a0 do_syscall_64+0x5b/0x80
The warning is caused by reading conf->max_nr_stripes in raid_status. The code in raid_status reads mddev->private, casts it to struct r5conf and reads the entry max_nr_stripes.
However, if we have different raid type than 4/5/6, mddev->private doesn't point to struct r5conf; it may point to struct r0conf, struct r1conf, struct r10conf or struct mpconf. If we cast a pointer to one of these structs to struct r5conf, we will be reading invalid memory and KASAN warns about it.
Fix this bug by reading struct r5conf only if raid type is 4, 5 or 6.
References
- https://access.redhat.com/security/cve/CVE-2022-50084
- https://git.kernel.org/stable/c/1ae0ebfb576b72c2ef400917a5484ebe7892d80b
- https://git.kernel.org/stable/c/1fbeea217d8f297fe0e0956a1516d14ba97d0396
- https://git.kernel.org/stable/c/49dba30638e091120256a9e89125340795f034dc
- https://git.kernel.org/stable/c/4c233811a49578634d10a5e70a9dfa569d451e94
- https://git.kernel.org/stable/c/90b006da40dd42285b24dd3c940d2c32aca9a70b
- https://git.kernel.org/stable/c/b4c6c07c92b6cba2bf3cb2dfa722debeaf8a8abe
- https://git.kernel.org/stable/c/b856ce5f4b55f752144baf17e9d5c415072652c5
- https://git.kernel.org/stable/c/cb583ca6125ac64c98e9d65128e95ebb5be7d322
- https://git.kernel.org/stable/c/d8971b595d7adac3421c21f59918241f1574061e