CVE-2022-21546

Source
https://cve.org/CVERecord?id=CVE-2022-21546
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-21546.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-21546
Downstream
Related
Published
2025-05-02T21:52:09.864Z
Modified
2026-07-07T08:50:59.752316213Z
Summary
scsi: target: Fix WRITE_SAME No Data Buffer crash
Details

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: Fix WRITE_SAME No Data Buffer crash

In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. If this bit is set using commands like "sgwritesame --ndob" we will crash in targetcoreiblock/file's executewritesame handlers when we go to access the secmd->tdata_sg because its NULL.

This patch adds a check for the NDOB bit in the common WRITE SAME code because we don't support it. And, it adds a check for zero SG elements in each handler in case the initiator tries to send a normal WRITE SAME with no data buffer.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21546.json",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "f6970ad31d42fceb38b5595cbad093a4d0bfcc43"
                },
                {
                    "fixed": "54e57be2573cf0b8bf650375fd8752987b6c3d3b"
                },
                {
                    "introduced": "f6970ad31d42fceb38b5595cbad093a4d0bfcc43"
                },
                {
                    "fixed": "d8e6a27e9238dd294d6f2f401655f300dca20899"
                },
                {
                    "introduced": "f6970ad31d42fceb38b5595cbad093a4d0bfcc43"
                },
                {
                    "fixed": "4226622647e3e5ac06d3ebc1605b917446157510"
                },
                {
                    "introduced": "f6970ad31d42fceb38b5595cbad093a4d0bfcc43"
                },
                {
                    "fixed": "ccd3f449052449a917a3e577d8ba0368f43b8f29"
                }
            ]
        }
    ],
    "cna_assigner": "oracle"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
19f949f52599ba7c3f67a5897ac6be14bfcb1200
Last affected
19f949f52599ba7c3f67a5897ac6be14bfcb1200
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "3.8"
        },
        {
            "last_affected": "3.8"
        }
    ]
}

Affected versions

3.*
3.8
v3.*
v3.8

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-21546.json"