CVE-2022-21546

scsi: target: Fix WRITE_SAME No Data Buffer crash

Published: 5/2/2025 Last updated: 11/3/2025 Reserved: 11/15/2021

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITE_SAME No Data Buffer crash In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. If this bit is set using commands like "sg_write_same --ndob" we will crash in target_core_iblock/file's execute_write_same handlers when we go to access the se_cmd->t_data_sg because its NULL. This patch adds a check for the NDOB bit in the common WRITE SAME code because we don't support it. And, it adds a check for zero SG elements in each handler in case the initiator tries to send a normal WRITE SAME with no data buffer.

CNA assigner: oracle (43595867-4340-4103-b7a2-9a5208d29a85) Requested by: n/a

Opam packages affected (27)

albatross cdrom conf-bpftool conf-libbpf conf-linux-libc-dev core core_unix hvsock mirage-block-unix mm ocaml-probes orun rawlink rawlink-eio rawlink-lwt shell solo5 solo5-bindings-hvt solo5-bindings-spt solo5-cross-aarch64 solo5-kernel-ukvm tracy-client tuntap uring vhd-format vhd-format-lwt xapi-stdext-unix

Products affected (4)

Product	Vendor	Version
Linux	Linux	all
Linux	Linux	11.6.12
Linux	Linux	n/a
Linux	Linux	10.3.1

CVE-2022-21546

scsi: target: Fix WRITE_SAME No Data Buffer crash

Opam packages affected (27)

Products affected (4)

References (10)