CVE-2022-21546

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-21546
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITE_SAME No Data Buffer crash In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. If this bit is set using commands like "sg_write_same --ndob" we will crash in target_core_iblock/file's execute_write_same handlers when we go to access the se_cmd->t_data_sg because its NULL. This patch adds a check for the NDOB bit in the common WRITE SAME code because we don't support it. And, it adds a check for zero SG elements in each handler in case the initiator tries to send a normal WRITE SAME with no data buffer.

7.7 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://git.kernel.org/stable/c/4226622647e3e5ac06d3ebc1605b917446157510
https://git.kernel.org/stable/c/ccd3f449052449a917a3e577d8ba0368f43b8f29
https://git.kernel.org/linus/ccd3f449052449a917a3e577d8ba0368f43b8f29
https://linux.oracle.com/cve/CVE-2022-21546.html
https://lore.kernel.org/all/20220628022325.14627-2-michael.christie@oracle.com/
Configurations

No configuration.

History

09 May 2025, 08:15

Type Values Removed Values Added
References
  • () https://git.kernel.org/stable/c/4226622647e3e5ac06d3ebc1605b917446157510 -

09 May 2025, 06:15

Type Values Removed Values Added
References
  • () https://git.kernel.org/stable/c/ccd3f449052449a917a3e577d8ba0368f43b8f29 -
Summary (en) In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. If this bit is set using commands like "sg_write_same --ndob" we will crash in target_core_iblock/file's execute_write_same handlers when we go to access the se_cmd->t_data_sg because its NULL. CVSS 3.1 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). (en) In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITE_SAME No Data Buffer crash In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. If this bit is set using commands like "sg_write_same --ndob" we will crash in target_core_iblock/file's execute_write_same handlers when we go to access the se_cmd->t_data_sg because its NULL. This patch adds a check for the NDOB bit in the common WRITE SAME code because we don't support it. And, it adds a check for zero SG elements in each handler in case the initiator tries to send a normal WRITE SAME with no data buffer.

06 May 2025, 15:15

Type Values Removed Values Added
CWE CWE-476

05 May 2025, 20:54

Type Values Removed Values Added
Summary
  • (es) En versiones más recientes de las especificaciones de SBC, tenemos un bit NDOB que indica que no hay búfer de datos que se escriba. Si este bit se activa mediante comandos como "sg_write_same --ndob", se producirá un fallo en los controladores "execute_write_same" de target_core_iblock/file al acceder a se_cmd->t_data_sg, ya que es nulo. Puntuación base de CVSS 3.1: 7.7 (Afecta a la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).

02 May 2025, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-02 22:15

Updated : 2025-05-09 08:15

NVD link : CVE-2022-21546

Mitre link : CVE-2022-21546

CVE.ORG link : CVE-2022-21546

JSON object : View

Products Affected

No product.

CWE
CWE-476

NULL Pointer Dereference