CVE-2023-54123

The CVE-2023-54123 issue is in the Linux kernel md/raid10 path where, in the error path of raid10_run(), conf is freed but conf->bio_split is not, causing a memory leak. The root cause was that memory allocated for conf->bio_split was not freed in all error-handling paths; three exit points...

CVE-2022-50715

CVE-2022-50715 — Linux kernel md/raid1 NULL dereference during poweroff . When an md raid1 array fails to assemble with an inactive disk, the mdx_raid1 thread is not stopped, leading to a NULL pointer dereference during poweroff. The working fix is to unregister the md thread before freeing RAID1...

CVE-2022-50715 md/raid1: stop mdx_raid1 thread when raid1 array run failed

In the Linux kernel, the following vulnerability has been resolved: md/raid1: stop mdxraid1 thread when raid1 array run failed fail run raid1 array when we assemble array with the inactive disk only, but the mdxraid1 thread were not stop, Even if the associated resources have been released. it wi...

CVE-2022-50715 md/raid1: stop mdx_raid1 thread when raid1 array run failed

In the Linux kernel, the following vulnerability has been resolved: md/raid1: stop mdxraid1 thread when raid1 array run failed fail run raid1 array when we assemble array with the inactive disk only, but the mdxraid1 thread were not stop, Even if the associated resources have been released. it wi...

CVE-2025-68368

In the Linux kernel, the following vulnerability has been resolved: md: init bioset in mddevinit IO operations may be needed before mdrun, such as updating metadata after writing sysfs. Without bioset, this triggers a NULL pointer dereference as below: BUG: kernel NULL pointer dereference, addres...

CVE-2025-68373 md: avoid repeated calls to del_gendisk

In the Linux kernel, the following vulnerability has been resolved: md: avoid repeated calls to delgendisk There is a uaf problem which is found by case 23rdev-lifetime: Oops: general protection fault, probably for non-canonical address 0xdead000000000122 RIP: 0010:bdiunregister+0x4b/0x170 Call...

CVE-2025-68368 md: init bioset in mddev_init

In the Linux kernel, the following vulnerability has been resolved: md: init bioset in mddevinit IO operations may be needed before mdrun, such as updating metadata after writing sysfs. Without bioset, this triggers a NULL pointer dereference as below: BUG: kernel NULL pointer dereference, addres...

PT-2025-52904

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the md subsystem, specifically in the mddev init function. The issue arises because IO operations might be required before md run, such as updatin...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unnecessary bioput in raid5readonechunk, which could lead to duplicate releases...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an unreleased conf-biosplit in the raid10run error path, which could lead to a memory leak...

Linux Distros Unpatched Vulnerability : CVE-2022-50752

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - md/raid5: Remove unnecessary bioput in raid5readonechunk When running chunk-sized reads on disks with badblocks duplicate bio free/puts are observed:...

PT-2025-53118

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the md/raid5 component. A double-free condition can occur during chunk-sized reads on disks with badblocks due to an unnecessary bio put call in...

PT-2025-53200

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the md/raid10 component of the Linux kernel. Specifically, within the raid10 run function's error handling path, memory allocated for conf-bio split is not freed...

Oracle Linux 7 : kernel (ELSA-2025-21063)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-21063 advisory. - HID: core: fix shift-out-of-bounds in hidreportrawevent CVE-2022-48978 Orabug: 38644370 - crypto: seqiv - Handle EBUSY correctly CVE-2023-53373...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991154)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991154 advisory. In the Linux kernel, the following vulnerability has been resolved: dm raid: fix KASAN warning in raid5adddisks There's a KASAN warning in raid5adddisk when running...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991153)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991153 advisory. In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load using raidctr, dm-rai...

CVE-2022-50583

In the Linux kernel, the following vulnerability has been resolved: md/raid0, raid10: Don't set discard sectors for request queue It should use diskstacklimits to get a proper maxdiscardsectors rather than setting a value by stack drivers. And there is a bug. If all member disks are rotational...

CVE-2023-53832

A null pointer dereference flaw was found in the Linux kernel's RAID10 implementation. When recovery is skipped on a clean array, initresync is called but closesync is not, leaving conf-havereplacement incorrectly set to 0. If a replacement device is later added and recovery is triggered, replbio...

SUSE CVE-2023-53791

In the Linux kernel, the following vulnerability has been resolved: md: fix warning for holder mismatch from exportrdev Commit a1d767191096 "md: use mddev-external to select holder in exportrdev" fix the problem that 'claimrdev' is used for blkdevgetbydev while 'rdev' is used for blkdevput...

SUSE CVE-2023-53848

In the Linux kernel, the following vulnerability has been resolved: md/raid5-cache: fix a deadlock in r5lexitlog Commit b13015af94cf "md/raid5-cache: Clear conf-log after finishing work" introduce a new problem: // caller hold reconfigmutex r5lexitlog flushwork&log-disablewritebackwork...