CVE-2022-50715 (GCVE-0-2022-50715)
Vulnerability from cvelistv5 – Published: 2025-12-24 12:22 – Updated: 2025-12-24 12:22
VLAI?
Title
md/raid1: stop mdx_raid1 thread when raid1 array run failed
Summary
In the Linux kernel, the following vulnerability has been resolved:
md/raid1: stop mdx_raid1 thread when raid1 array run failed
fail run raid1 array when we assemble array with the inactive disk only,
but the mdx_raid1 thread were not stop, Even if the associated resources
have been released. it will caused a NULL dereference when we do poweroff.
This causes the following Oops:
[ 287.587787] BUG: kernel NULL pointer dereference, address: 0000000000000070
[ 287.594762] #PF: supervisor read access in kernel mode
[ 287.599912] #PF: error_code(0x0000) - not-present page
[ 287.605061] PGD 0 P4D 0
[ 287.607612] Oops: 0000 [#1] SMP NOPTI
[ 287.611287] CPU: 3 PID: 5265 Comm: md0_raid1 Tainted: G U 5.10.146 #0
[ 287.619029] Hardware name: xxxxxxx/To be filled by O.E.M, BIOS 5.19 06/16/2022
[ 287.626775] RIP: 0010:md_check_recovery+0x57/0x500 [md_mod]
[ 287.632357] Code: fe 01 00 00 48 83 bb 10 03 00 00 00 74 08 48 89 ......
[ 287.651118] RSP: 0018:ffffc90000433d78 EFLAGS: 00010202
[ 287.656347] RAX: 0000000000000000 RBX: ffff888105986800 RCX: 0000000000000000
[ 287.663491] RDX: ffffc90000433bb0 RSI: 00000000ffffefff RDI: ffff888105986800
[ 287.670634] RBP: ffffc90000433da0 R08: 0000000000000000 R09: c0000000ffffefff
[ 287.677771] R10: 0000000000000001 R11: ffffc90000433ba8 R12: ffff888105986800
[ 287.684907] R13: 0000000000000000 R14: fffffffffffffe00 R15: ffff888100b6b500
[ 287.692052] FS: 0000000000000000(0000) GS:ffff888277f80000(0000) knlGS:0000000000000000
[ 287.700149] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 287.705897] CR2: 0000000000000070 CR3: 000000000320a000 CR4: 0000000000350ee0
[ 287.713033] Call Trace:
[ 287.715498] raid1d+0x6c/0xbbb [raid1]
[ 287.719256] ? __schedule+0x1ff/0x760
[ 287.722930] ? schedule+0x3b/0xb0
[ 287.726260] ? schedule_timeout+0x1ed/0x290
[ 287.730456] ? __switch_to+0x11f/0x400
[ 287.734219] md_thread+0xe9/0x140 [md_mod]
[ 287.738328] ? md_thread+0xe9/0x140 [md_mod]
[ 287.742601] ? wait_woken+0x80/0x80
[ 287.746097] ? md_register_thread+0xe0/0xe0 [md_mod]
[ 287.751064] kthread+0x11a/0x140
[ 287.754300] ? kthread_park+0x90/0x90
[ 287.757974] ret_from_fork+0x1f/0x30
In fact, when raid1 array run fail, we need to do
md_unregister_thread() before raid1_free().
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d684ceb77311410aeaf5189d321f9f564838c49a
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 110f14a7b2eb5b8aa9df5af2d629524f2a07d543 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 0c7c7468c3ae222e297b7dc74d6ccb69c4d0183c (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 19d5a0e17aba92b10d895e40ec782768cf00da23 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 10d713532ffc67b13df61ed9c138a8ce0a186236 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a3cc41e05e8af340a2a759b168c29fffdb9194eb (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 22be44212cad8be96860346882d8e694b0b437b6 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d26364596db8f8b55277b2afb3952e05a4057a21 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b611ad14006e5be2170d9e8e611bf49dff288911 (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/raid1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d684ceb77311410aeaf5189d321f9f564838c49a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "110f14a7b2eb5b8aa9df5af2d629524f2a07d543",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "0c7c7468c3ae222e297b7dc74d6ccb69c4d0183c",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "19d5a0e17aba92b10d895e40ec782768cf00da23",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "10d713532ffc67b13df61ed9c138a8ce0a186236",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a3cc41e05e8af340a2a759b168c29fffdb9194eb",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "22be44212cad8be96860346882d8e694b0b437b6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "d26364596db8f8b55277b2afb3952e05a4057a21",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b611ad14006e5be2170d9e8e611bf49dff288911",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/raid1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.337",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.303",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.270",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.229",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.2",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.303",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid1: stop mdx_raid1 thread when raid1 array run failed\n\nfail run raid1 array when we assemble array with the inactive disk only,\nbut the mdx_raid1 thread were not stop, Even if the associated resources\nhave been released. it will caused a NULL dereference when we do poweroff.\n\nThis causes the following Oops:\n [ 287.587787] BUG: kernel NULL pointer dereference, address: 0000000000000070\n [ 287.594762] #PF: supervisor read access in kernel mode\n [ 287.599912] #PF: error_code(0x0000) - not-present page\n [ 287.605061] PGD 0 P4D 0\n [ 287.607612] Oops: 0000 [#1] SMP NOPTI\n [ 287.611287] CPU: 3 PID: 5265 Comm: md0_raid1 Tainted: G U 5.10.146 #0\n [ 287.619029] Hardware name: xxxxxxx/To be filled by O.E.M, BIOS 5.19 06/16/2022\n [ 287.626775] RIP: 0010:md_check_recovery+0x57/0x500 [md_mod]\n [ 287.632357] Code: fe 01 00 00 48 83 bb 10 03 00 00 00 74 08 48 89 ......\n [ 287.651118] RSP: 0018:ffffc90000433d78 EFLAGS: 00010202\n [ 287.656347] RAX: 0000000000000000 RBX: ffff888105986800 RCX: 0000000000000000\n [ 287.663491] RDX: ffffc90000433bb0 RSI: 00000000ffffefff RDI: ffff888105986800\n [ 287.670634] RBP: ffffc90000433da0 R08: 0000000000000000 R09: c0000000ffffefff\n [ 287.677771] R10: 0000000000000001 R11: ffffc90000433ba8 R12: ffff888105986800\n [ 287.684907] R13: 0000000000000000 R14: fffffffffffffe00 R15: ffff888100b6b500\n [ 287.692052] FS: 0000000000000000(0000) GS:ffff888277f80000(0000) knlGS:0000000000000000\n [ 287.700149] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [ 287.705897] CR2: 0000000000000070 CR3: 000000000320a000 CR4: 0000000000350ee0\n [ 287.713033] Call Trace:\n [ 287.715498] raid1d+0x6c/0xbbb [raid1]\n [ 287.719256] ? __schedule+0x1ff/0x760\n [ 287.722930] ? schedule+0x3b/0xb0\n [ 287.726260] ? schedule_timeout+0x1ed/0x290\n [ 287.730456] ? __switch_to+0x11f/0x400\n [ 287.734219] md_thread+0xe9/0x140 [md_mod]\n [ 287.738328] ? md_thread+0xe9/0x140 [md_mod]\n [ 287.742601] ? wait_woken+0x80/0x80\n [ 287.746097] ? md_register_thread+0xe0/0xe0 [md_mod]\n [ 287.751064] kthread+0x11a/0x140\n [ 287.754300] ? kthread_park+0x90/0x90\n [ 287.757974] ret_from_fork+0x1f/0x30\n\nIn fact, when raid1 array run fail, we need to do\nmd_unregister_thread() before raid1_free()."
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T12:22:39.763Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d684ceb77311410aeaf5189d321f9f564838c49a"
},
{
"url": "https://git.kernel.org/stable/c/110f14a7b2eb5b8aa9df5af2d629524f2a07d543"
},
{
"url": "https://git.kernel.org/stable/c/0c7c7468c3ae222e297b7dc74d6ccb69c4d0183c"
},
{
"url": "https://git.kernel.org/stable/c/19d5a0e17aba92b10d895e40ec782768cf00da23"
},
{
"url": "https://git.kernel.org/stable/c/10d713532ffc67b13df61ed9c138a8ce0a186236"
},
{
"url": "https://git.kernel.org/stable/c/a3cc41e05e8af340a2a759b168c29fffdb9194eb"
},
{
"url": "https://git.kernel.org/stable/c/22be44212cad8be96860346882d8e694b0b437b6"
},
{
"url": "https://git.kernel.org/stable/c/d26364596db8f8b55277b2afb3952e05a4057a21"
},
{
"url": "https://git.kernel.org/stable/c/b611ad14006e5be2170d9e8e611bf49dff288911"
}
],
"title": "md/raid1: stop mdx_raid1 thread when raid1 array run failed",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-50715",
"datePublished": "2025-12-24T12:22:39.763Z",
"dateReserved": "2025-12-24T12:20:40.329Z",
"dateUpdated": "2025-12-24T12:22:39.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-50715\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-12-24T13:15:58.130\",\"lastModified\":\"2025-12-24T13:15:58.130\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmd/raid1: stop mdx_raid1 thread when raid1 array run failed\\n\\nfail run raid1 array when we assemble array with the inactive disk only,\\nbut the mdx_raid1 thread were not stop, Even if the associated resources\\nhave been released. it will caused a NULL dereference when we do poweroff.\\n\\nThis causes the following Oops:\\n [ 287.587787] BUG: kernel NULL pointer dereference, address: 0000000000000070\\n [ 287.594762] #PF: supervisor read access in kernel mode\\n [ 287.599912] #PF: error_code(0x0000) - not-present page\\n [ 287.605061] PGD 0 P4D 0\\n [ 287.607612] Oops: 0000 [#1] SMP NOPTI\\n [ 287.611287] CPU: 3 PID: 5265 Comm: md0_raid1 Tainted: G U 5.10.146 #0\\n [ 287.619029] Hardware name: xxxxxxx/To be filled by O.E.M, BIOS 5.19 06/16/2022\\n [ 287.626775] RIP: 0010:md_check_recovery+0x57/0x500 [md_mod]\\n [ 287.632357] Code: fe 01 00 00 48 83 bb 10 03 00 00 00 74 08 48 89 ......\\n [ 287.651118] RSP: 0018:ffffc90000433d78 EFLAGS: 00010202\\n [ 287.656347] RAX: 0000000000000000 RBX: ffff888105986800 RCX: 0000000000000000\\n [ 287.663491] RDX: ffffc90000433bb0 RSI: 00000000ffffefff RDI: ffff888105986800\\n [ 287.670634] RBP: ffffc90000433da0 R08: 0000000000000000 R09: c0000000ffffefff\\n [ 287.677771] R10: 0000000000000001 R11: ffffc90000433ba8 R12: ffff888105986800\\n [ 287.684907] R13: 0000000000000000 R14: fffffffffffffe00 R15: ffff888100b6b500\\n [ 287.692052] FS: 0000000000000000(0000) GS:ffff888277f80000(0000) knlGS:0000000000000000\\n [ 287.700149] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\\n [ 287.705897] CR2: 0000000000000070 CR3: 000000000320a000 CR4: 0000000000350ee0\\n [ 287.713033] Call Trace:\\n [ 287.715498] raid1d+0x6c/0xbbb [raid1]\\n [ 287.719256] ? __schedule+0x1ff/0x760\\n [ 287.722930] ? schedule+0x3b/0xb0\\n [ 287.726260] ? schedule_timeout+0x1ed/0x290\\n [ 287.730456] ? __switch_to+0x11f/0x400\\n [ 287.734219] md_thread+0xe9/0x140 [md_mod]\\n [ 287.738328] ? md_thread+0xe9/0x140 [md_mod]\\n [ 287.742601] ? wait_woken+0x80/0x80\\n [ 287.746097] ? md_register_thread+0xe0/0xe0 [md_mod]\\n [ 287.751064] kthread+0x11a/0x140\\n [ 287.754300] ? kthread_park+0x90/0x90\\n [ 287.757974] ret_from_fork+0x1f/0x30\\n\\nIn fact, when raid1 array run fail, we need to do\\nmd_unregister_thread() before raid1_free().\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0c7c7468c3ae222e297b7dc74d6ccb69c4d0183c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/10d713532ffc67b13df61ed9c138a8ce0a186236\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/110f14a7b2eb5b8aa9df5af2d629524f2a07d543\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/19d5a0e17aba92b10d895e40ec782768cf00da23\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/22be44212cad8be96860346882d8e694b0b437b6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a3cc41e05e8af340a2a759b168c29fffdb9194eb\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/b611ad14006e5be2170d9e8e611bf49dff288911\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d26364596db8f8b55277b2afb3952e05a4057a21\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/d684ceb77311410aeaf5189d321f9f564838c49a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…