Security readout for executives and security teams
Plain-English summary
CVE-2022-50211 is a Linux kernel RAID10 bug where a disk-removal path can read past an allocated memory object. The public record shows it was found through KASAN during an LVM RAID reshape test. Business risk is mainly for Linux systems using software RAID10 or dm-raid features, but severity and exploitability are not quantified in the sources.
Executive priority
Handle through normal kernel patch management unless the environment depends heavily on Linux software RAID10 operations. There is no source-supported evidence of active exploitation, but kernel memory safety bugs in storage paths deserve timely remediation on exposed operational systems.
Technical view
The issue is in md-raid10, specifically raid10_remove_disk. The fix validates the disk slot value called "number" before use, preventing a KASAN-detected slab out-of-bounds read. The trace involves dm_raid, md_check_recovery, raid10d, and remove_and_add_spares during RAID reshape or recovery-related handling.
Likely exposure
Exposure is most plausible on Linux hosts using md RAID10, dm-raid, or LVM RAID reshape workflows. Systems not using these kernel RAID10 paths are less likely to be reachable through the described behavior. The affected-version data is ambiguous in the bundle and should be checked against vendor kernel packages.
Exploitation context
The bundle does not show active exploitation, public exploit availability, or KEV listing. The evidence is a KASAN warning from a controlled LVM test scenario, not a demonstrated attack path. Treat exploitation requirements and security impact as not established from the provided sources.
Researcher notes
The record lacks CVSS, CWE, and a clear exploitability assessment. The source states the fix validates "number" in raid10_remove_disk. The stack trace suggests dm-raid/LVM reshape context, but the bundle does not prove remote reachability, privilege requirements, confidentiality impact, or denial-of-service impact.
Mitigation direction
Check vendor kernel advisories for CVE-2022-50211 applicability.
Update affected Linux kernels to builds containing the referenced stable fixes.
Prioritize systems using md RAID10, dm-raid, or LVM RAID reshape operations.
Avoid unnecessary RAID reshape or disk-removal operations until patched, where operationally feasible.
Validation and detection
Inventory Linux systems using md RAID10, dm-raid, or LVM RAID volumes.
Map running kernel versions to vendor-fixed packages or referenced stable commits.
Review kernel logs for RAID10, md, dm_raid, or KASAN out-of-bounds messages.
Confirm patched systems boot the expected fixed kernel version.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2022-50211 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
0CVSS vectors
3Timeline events
0ADP providers
10Source links
Vulnerability timeline
Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.
CVE reservedCVE Program
The CVE ID was reserved by the assigning CNA.
CVE publishedCVE Program
The CVE record was published.
Jun 18, 2025, 11:03 UTC (UTC+00:00)
CVE updatedCVE Program
The CVE record metadata indicates this as the latest update time.