Description

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITE_SAME No Data Buffer crash In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. If this bit is set using commands like "sg_write_same --ndob" we will crash in target_core_iblock/file's execute_write_same handlers when we go to access the se_cmd->t_data_sg because its NULL. This patch adds a check for the NDOB bit in the common WRITE SAME code because we don't support it. And, it adds a check for zero SG elements in each handler in case the initiator tries to send a normal WRITE SAME with no data buffer.

INFO

Published Date :

2025-05-02T21:52:09.864Z

Last Modified :

2025-12-23T13:19:46.318Z

Source :

oracle
AFFECTED PRODUCTS

The following products are affected by CVE-2022-21546 vulnerability.

Vendors Products
Debian
  • Debian Linux
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-21546.

URL Resource
https://git.kernel.org/stable/c/4226622647e3e5ac06d3ebc1605b917446157510 cve-icon cve-icon
https://git.kernel.org/stable/c/54e57be2573cf0b8bf650375fd8752987b6c3d3b cve-icon cve-icon
https://git.kernel.org/stable/c/ccd3f449052449a917a3e577d8ba0368f43b8f29 cve-icon cve-icon
https://git.kernel.org/stable/c/d8e6a27e9238dd294d6f2f401655f300dca20899 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact