SB20250619152 - Use-after-free in Linux kernel md driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2022-50211)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the raid10_remove_disk() function in drivers/md/raid10.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/0f4d18cbea4a6e37a05fd8ee2887439f85211110
• https://git.kernel.org/stable/c/5f57843565131bb782388f9d993f9ee8f453dee1
• https://git.kernel.org/stable/c/5fd4ffa2372a41361d2bdd27ea5730e4e673240c
• https://git.kernel.org/stable/c/75fbd370a2cec9e92f48285bd90735ed0c837f52
• https://git.kernel.org/stable/c/7a6ccc8fa192fd357c2d5d4c6ce67c834a179e23
• https://git.kernel.org/stable/c/bcbdc26a44aba488d2f7122f2d66801bccb74733
• https://git.kernel.org/stable/c/bf30b9ba09b0ac2a10f04dce2b0835ec4d178aa6
• https://git.kernel.org/stable/c/ce839b9331c11780470f3d727b6fe3c2794a4620
• https://git.kernel.org/stable/c/d17f744e883b2f8d13cca252d71cfe8ace346f7d
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.291
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.256
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.326
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.137
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.61
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.18.18
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19.2
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.211
• https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0