Denial of Service Vulnerability in Oracle Linux I/O Subsystem
CVE-2022-21546
7.7HIGH
What is CVE-2022-21546?
A Denial of Service vulnerability exists in the Oracle Linux I/O subsystem. This issue arises when a specific bit in the newer SBC specifications, known as the NDOB bit, is set to indicate that no data buffer should be written. Executing commands like 'sg_write_same --ndob' can lead to a system crash, as the system attempts to access a NULL pointer in the execute_write_same handlers of target_core_iblock/file. This flaw disrupts availability, exposing users to potential downtime and service outages.
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 54e57be2573cf0b8bf650375fd8752987b6c3d3b
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 4226622647e3e5ac06d3ebc1605b917446157510