{"dataType":"CVE_RECORD","cveMetadata":{"cveId":"CVE-2022-21546","assignerOrgId":"43595867-4340-4103-b7a2-9a5208d29a85","state":"PUBLISHED","assignerShortName":"oracle","dateReserved":"2021-11-15T19:29:08.898Z","datePublished":"2025-05-02T21:52:09.864Z","dateUpdated":"2026-05-11T18:43:57.019Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T18:43:57.019Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: Fix WRITE_SAME No Data Buffer crash\n\nIn newer version of the SBC specs, we have a NDOB bit that indicates there\nis no data buffer that gets written out. If this bit is set using commands\nlike \"sg_write_same --ndob\" we will crash in target_core_iblock/file's\nexecute_write_same handlers when we go to access the se_cmd->t_data_sg\nbecause its NULL.\n\nThis patch adds a check for the NDOB bit in the common WRITE SAME code\nbecause we don't support it. And, it adds a check for zero SG elements in\neach handler in case the initiator tries to send a normal WRITE SAME with\nno data buffer."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/target/target_core_file.c","drivers/target/target_core_iblock.c","drivers/target/target_core_sbc.c"],"versions":[{"version":"f6970ad31d42fceb38b5595cbad093a4d0bfcc43","lessThan":"54e57be2573cf0b8bf650375fd8752987b6c3d3b","status":"affected","versionType":"git"},{"version":"f6970ad31d42fceb38b5595cbad093a4d0bfcc43","lessThan":"d8e6a27e9238dd294d6f2f401655f300dca20899","status":"affected","versionType":"git"},{"version":"f6970ad31d42fceb38b5595cbad093a4d0bfcc43","lessThan":"4226622647e3e5ac06d3ebc1605b917446157510","status":"affected","versionType":"git"},{"version":"f6970ad31d42fceb38b5595cbad093a4d0bfcc43","lessThan":"ccd3f449052449a917a3e577d8ba0368f43b8f29","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/target/target_core_file.c","drivers/target/target_core_iblock.c","drivers/target/target_core_sbc.c"],"versions":[{"version":"3.8","status":"affected"},{"version":"0","lessThan":"3.8","status":"unaffected","versionType":"semver"},{"version":"5.4.294","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.238","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.182","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"5.19","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.4.294"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.10.238"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.15.182"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.8","versionEndExcluding":"5.19"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/54e57be2573cf0b8bf650375fd8752987b6c3d3b"},{"url":"https://git.kernel.org/stable/c/d8e6a27e9238dd294d6f2f401655f300dca20899"},{"url":"https://git.kernel.org/stable/c/4226622647e3e5ac06d3ebc1605b917446157510"},{"url":"https://git.kernel.org/stable/c/ccd3f449052449a917a3e577d8ba0368f43b8f29"}],"title":"scsi: target: Fix WRITE_SAME No Data Buffer crash","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-476","lang":"en","description":"CWE-476 NULL Pointer Dereference"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-06T15:06:53.886424Z","id":"CVE-2022-21546","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-06T15:07:03.602Z"}},{"title":"CVE Program Container","references":[{"url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T17:30:59.924Z"}}]},"dataVersion":"5.2"}