Denial of Service Vulnerability in Oracle Linux I/O Subsystem
CVE-2022-21546

7.7HIGH

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 2 May 2025

What is CVE-2022-21546?

A Denial of Service vulnerability exists in the Oracle Linux I/O subsystem. This issue arises when a specific bit in the newer SBC specifications, known as the NDOB bit, is set to indicate that no data buffer should be written. Executing commands like 'sg_write_same --ndob' can lead to a system crash, as the system attempts to access a NULL pointer in the execute_write_same handlers of target_core_iblock/file. This flaw disrupts availability, exposing users to potential downtime and service outages.

Affected Version(s)

Linux f6970ad31d42fceb38b5595cbad093a4d0bfcc43 < 54e57be2573cf0b8bf650375fd8752987b6c3d3b

Linux f6970ad31d42fceb38b5595cbad093a4d0bfcc43

Linux f6970ad31d42fceb38b5595cbad093a4d0bfcc43 < 4226622647e3e5ac06d3ebc1605b917446157510

References

https://git.kernel.org/stable/c/54e57be2573cf0b8bf650375f...

https://git.kernel.org/stable/c/d8e6a27e9238dd294d6f2f401...

https://git.kernel.org/stable/c/4226622647e3e5ac06d3ebc16...

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
May 2, 2025
Vulnerability Reserved
Nov 15, 2021

JSON