published date: May 2, 2025

CVE-2022-21546 : In newer version of...

Description

In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. If this bit is set using commands like "sg_write_same --ndob" we will crash in target_core_iblock/file's execute_write_same handlers when we go to access the se_cmd->t_data_sg because its NULL. CVSS 3.1 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).

CVSS:7.7 [Critical]
EPSS:0.28%
Exploitability:3.1
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-2022-21546, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2022-21546 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-21546

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales