SCSI Device Removal Vulnerability in Linux Kernel by Vendor

CVE-2022-50215

What is CVE-2022-50215?

A vulnerability in the Linux kernel affects SCSI devices during active use. When a user attempts to wait for commands on a removed SCSI device, the kernel immediately returns an ENODEV error. This abrupt handling can lead to serious issues, such as corrupted memory in userspace or erroneous data being sent to the device. This problem arises particularly in situations involving the iSCSI driver, where commands may still be processed even after a device is marked for removal. The resolution changes this policy to allow userspace to wait for commands to complete safely before reporting ENODEV.

References