Denial of Service Vulnerability in Oracle Linux I/O Subsystem
CVE-2022-21546

7.7HIGH

Key Information:

Vendor
Linux
Status
Linux
Vendor
CVE Published:
2 May 2025

Summary

A Denial of Service vulnerability exists in the Oracle Linux I/O subsystem. This issue arises when a specific bit in the newer SBC specifications, known as the NDOB bit, is set to indicate that no data buffer should be written. Executing commands like 'sg_write_same --ndob' can lead to a system crash, as the system attempts to access a NULL pointer in the execute_write_same handlers of target_core_iblock/file. This flaw disrupts availability, exposing users to potential downtime and service outages.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4226622647e3e5ac06d3ebc1605b917446157510

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 5.15.182 <= 5.15.*

References

https://git.kernel.org/stable/c/4226622647e3e5ac06d3ebc16...
https://git.kernel.org/stable/c/ccd3f449052449a917a3e577d...

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2022-21546 : Denial of Service Vulnerability in Oracle Linux I/O Subsystem | SecurityVulnerability.io