Overview
This report details a recently disclosed vulnerability, CVE-2022-21546, that affects the Linux kernel. The vulnerability lies specifically in the scsi: target subsystem and can potentially lead to system compromise or data leakage. With a CVSS score of 7.7, this vulnerability presents a considerable risk for systems running on the Linux kernel and underscores the need for immediate remediation.
Vulnerability Summary
CVE ID: CVE-2022-21546
Severity: High (CVSS: 7.7)
Attack Vector: Network
Privileges Required: Low
User Interaction: None
Impact: Potential system compromise and data leakage
Affected Products
A new way to communicate
Ameeba Chat is built on encrypted identity, not personal profiles.
Message, call, share files, and coordinate with identities kept separate.
- • Encrypted identity
- • Ameeba Chat authenticates access
- • Aliases and categories
- • End-to-end encrypted chat, calls, and files
- • Secure notes for sensitive information
Private communication, rethought.
Product | Affected Versions
Linux Kernel | Versions prior to patch
How the Exploit Works
The vulnerability resides in the WRITE_SAME function of the scsi: target subsystem in the Linux kernel. The WRITE_SAME function allows an attacker to use commands like “sg_write_same –ndob” to set a NDOB bit, indicating that there is no data buffer to be written out. When this bit is set, the system crashes when it tries to access the se_cmd->t_data_sg because it’s NULL. If an attacker were to send a normal WRITE_SAME command with no data buffer, they could potentially compromise the system or cause data leakage.
Conceptual Example Code
Here’s a conceptual command-line example of how the vulnerability might be exploited:
$ sg_write_same --ndob /dev/sdaIn this example, the sg_write_same command is used with the –ndob option on a device file, leading to a possible crash or further exploitation.