5.5

CVE-2022-50215

EPSS 0.01%
Veröffentlicht 18.06.2025 11:03:52
Zuletzt bearbeitet 19.11.2025 12:59:55
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

scsi: sg: Allow waiting for commands to complete on removed device

When a SCSI device is removed while in active use, currently sg will
immediately return -ENODEV on any attempt to wait for active commands that
were sent before the removal.  This is problematic for commands that use
SG_FLAG_DIRECT_IO since the data buffer may still be in use by the kernel
when userspace frees or reuses it after getting ENODEV, leading to
corrupted userspace memory (in the case of READ-type commands) or corrupted
data being sent to the device (in the case of WRITE-type commands).  This
has been seen in practice when logging out of a iscsi_tcp session, where
the iSCSI driver may still be processing commands after the device has been
marked for removal.

Change the policy to allow userspace to wait for active sg commands even
when the device is being removed.  Return -ENODEV only when there are no
more responses to read.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 4.9.326

Linux ≫ Linux Kernel Version >= 4.10 < 4.14.291

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.256

Linux ≫ Linux Kernel Version >= 4.20 < 5.4.211

Linux ≫ Linux Kernel Version >= 5.5 < 5.10.137

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.61

Linux ≫ Linux Kernel Version >= 5.16 < 5.18.18

Linux ≫ Linux Kernel Version >= 5.19 < 5.19.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.016

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/bbc118acf7baf9e93c5e1314d14f481301af4d0f

Patch

https://git.kernel.org/stable/c/f5e61d9b4a699dd16f32d5f39eb1cf98d84c92ed

Patch

https://git.kernel.org/stable/c/ed9afd967cbfe7da2dc0d5e52c62a778dfe9f16b

Patch

https://git.kernel.org/stable/c/f135c65085eed869d10e4e7923ce1015288618da

Patch

https://git.kernel.org/stable/c/408bfa1489a3cfe7150b81ab0b0df99b23dd5411

Patch

https://git.kernel.org/stable/c/8c004b7dbb340c1e5889f5fb9e5baa6f6e5303e8

Patch

https://git.kernel.org/stable/c/35e60ec39e862159cb92923eefd5230d4a873cb9

Patch

https://git.kernel.org/stable/c/03d8241112d5e3cccce1a01274a221099f07d2e1

Patch

https://git.kernel.org/stable/c/3455607fd7be10b449f5135c00dc306b85dc0d21

Patch

https://nvd.nist.gov/vuln/detail/CVE-2022-50215

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-50215

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-50215

EUVD