Comment # 14 on bug 910500 from Neil Brown

(In reply to Marcus Meissner from comment #12)
> Is this USB attack vector valid? Can this really happen on just plugging in
> a prepared USB stick?

Yes.
If you plug in a USB which has been configured as the working device in a
degraded RAID1, then udev will run "mdadm -I devicename" and the array will
be activated.  This is not unlike the way a FAT filesystem will automatically
be mounted.

Once the array has been assembled, /usr/share/mdadm/mdcheck will (at 1am) find
it as a "/dev/md*" and will try to extra the UUID to decide what is to be done.