CVE-2022-21546
Severity CVSS v4.0:
Pending analysis
Type:
CWE-476
NULL Pointer Dereference
Publication date:
02/05/2025
Last modified:
09/05/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

scsi: target: Fix WRITE_SAME No Data Buffer crash

In newer versions of the SBC specs, we have an NDOB bit that indicates there
is no data buffer that gets written out. If this bit is set using commands
like "sg_write_same --ndob" we will crash in target_core_iblock/file's
execute_write_same handlers when we go to access the se_cmd->t_data_sg
because it's NULL.

This patch adds a check for the NDOB bit in the common WRITE SAME code
because we don't support it. And, it adds a check for zero SG elements in
each handler in case the initiator tries to send a normal WRITE SAME with
no data buffer.
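
The two checks the commit message describes, modelled in user-space C as an added example (this is not the kernel patch or the project's code). The struct, function and status names are hypothetical, and the NDOB position (byte 1, bit 0 of the WRITE SAME(16) CDB) is assumed from the SBC-4 layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* User-space model with hypothetical names; not the kernel's code. */
enum ws_status { WS_OK, WS_INVALID_CDB_FIELD, WS_NO_DATA_BUFFER };

#define WRITE_SAME_16 0x93 /* WRITE SAME(16) opcode */
#define WS16_NDOB     0x01 /* CDB byte 1, bit 0 (assumed from SBC-4 layout) */
#define BLOCK_SIZE    512  /* constructed sample block size */

struct sg_entry { const uint8_t *buf; size_t len; };
struct ws_cmd {
    uint8_t cdb[16];
    const struct sg_entry *data_sg; /* NULL when no Data-Out buffer was sent */
    unsigned int data_nents;
};

/* Common WRITE SAME parsing: NDOB is unsupported, so fail the command early. */
static enum ws_status ws_setup(const struct ws_cmd *cmd)
{
    if (cmd->cdb[0] != WRITE_SAME_16 || (cmd->cdb[1] & WS16_NDOB))
        return WS_INVALID_CDB_FIELD;
    return WS_OK;
}

/* Backend handler: check the element count before dereferencing data_sg. */
static enum ws_status ws_execute(const struct ws_cmd *cmd, uint8_t *out)
{
    if (cmd->data_nents == 0 || cmd->data_sg == NULL)
        return WS_NO_DATA_BUFFER;
    if (cmd->data_nents > 1 || cmd->data_sg[0].len != BLOCK_SIZE)
        return WS_INVALID_CDB_FIELD;
    memcpy(out, cmd->data_sg[0].buf, BLOCK_SIZE);
    return WS_OK;
}

/* Build a constructed command with the given flag byte and SG element count. */
enum ws_status ws_demo(uint8_t flags, unsigned int nents)
{
    static const uint8_t pattern[BLOCK_SIZE] = { 0xAA };
    const struct sg_entry sg = { pattern, sizeof(pattern) };
    struct ws_cmd cmd = { .cdb = { WRITE_SAME_16, flags },
                          .data_sg = nents ? &sg : NULL, .data_nents = nents };
    uint8_t out[BLOCK_SIZE];
    enum ws_status st = ws_setup(&cmd);

    return st != WS_OK ? st : ws_execute(&cmd, out);
}
```

The second check matters independently of the first: a command with NDOB clear and no Data-Out buffer still reaches the handler, so the handler has to validate the element count itself.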
Impact
Base Score 3.x
7.70
Severity 3.x
HIGH
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/4226622647e3e5ac06d3ebc1605b917446157510
- https://git.kernel.org/stable/c/ccd3f449052449a917a3e577d8ba0368f43b8f29
- https://git.kernel.org/linus/ccd3f449052449a917a3e577d8ba0368f43b8f29
- https://linux.oracle.com/cve/CVE-2022-21546.html
- https://lore.kernel.org/all/20220628022325.14627-2-michael.christie@oracle.com/