How severe is CVE-2022-21546?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.7 out of 10.

What type of vulnerability is CVE-2022-21546?

This is classified as CWE-476, which is a common weakness in software security.

CVE-2022-21546 - HIGH Severity | CVSS 7.7

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITE_SAME No Data Buffer crash In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. If this bit is set using commands like "sg_write_same --ndob" we will crash in target_core_iblock/file's execute_write_same handlers when we go to access the se_cmd->t_data_sg because its NULL. This patch adds a check for the NDOB bit in the common WRITE SAME code because we don't support it. And, it adds a check for zero SG elements in each handler in case the initiator tries to send a normal WRITE SAME with no data buffer.

Related Vulnerabilities

CVE-2008-2812

HIGH

CVSS:7.8(High)

The Linux kernel before 2.6.25.10 does not properly perform tty operations, which allows local users to cause a denial of service (system crash) or possibly gain privileges via vectors involving NULL ...

CWE-4762008

CVE-2009-2698

HIGH

CVSS:7.8(High)

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NU...

CWE-4762009

CVE-2009-2768

HIGH

CVSS:7.8(High)

The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and syst...

CWE-4762009

CVE-2009-3620

HIGH

CVSS:7.8(High)

The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of ...

CWE-4762009

CVE-2010-2798

HIGH

CVSS:7.8(High)

The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux kernel before 2.6.35 uses an incorrect size value in calculations associated with sentinel directory entries, which allows local users...

CWE-4762010

CVE-2010-2960

HIGH

CVSS:7.8(High)

The keyctl_session_to_parent function in security/keys/keyctl.c in the Linux kernel 2.6.35.4 and earlier expects that a certain parent session keyring exists, which allows local users to cause a denia...

CWE-4762010