CVE-2022-21546

7.8 HIGH

📋 TL;DR

A NULL pointer dereference vulnerability in the Linux kernel's SCSI target subsystem allows attackers to crash the kernel by sending specially crafted WRITE SAME commands with the NDOB (No Data Out Buffer) bit set. This affects systems using SCSI target functionality, particularly those with iSCSI or other SCSI target configurations. The vulnerability can lead to denial of service.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if SCSI target subsystem is enabled and configured. Many default installations do not have this enabled.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic leading to complete system crash and denial of service, potentially requiring physical intervention to restart.

🟠

Likely Case

System crash requiring reboot, causing service disruption and potential data loss for in-flight operations.

🟢

If Mitigated

No impact if SCSI target functionality is disabled or systems are properly patched.

🌐 Internet-Facing: MEDIUM - Requires SCSI target services to be exposed and accessible, which is less common for internet-facing systems.
🏢 Internal Only: MEDIUM - Internal attackers with access to SCSI target services could exploit this to disrupt critical systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires access to send SCSI commands to the target system. The sg_write_same command with --ndob flag can trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 4226622647e3e5ac06d3ebc1605b917446157510, 54e57be2573cf0b8bf650375fd8752987b6c3d3b, ccd3f449052449a917a3e577d8ba0368f43b8f29, d8e6a27e9238dd294d6f2f401655f300dca20899

Vendor Advisory: https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

Restart Required: Yes

Instructions:

1. Update kernel package using distribution's package manager.
2. For Debian/Ubuntu: apt update && apt upgrade linux-image-*
3. For RHEL/CentOS: yum update kernel
4. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable SCSI target functionality

linux

If SCSI target services are not required, disable them to eliminate the attack surface

systemctl stop target.service
systemctl disable target.service

Block SCSI WRITE SAME commands

linux

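Use firewall rules or SCSI command filtering to block WRITE SAME commands. Note that iSCSI carries the SCSI CDB in binary form (WRITE SAME(16) is opcode 0x93, WRITE SAME(10) is 0x41), not as the ASCII text "WRITE_SAME", so the string match below does not match command PDUs on the wire. Restricting port 3260 to trusted initiators is the dependable network-level control.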

iptables -A INPUT -p tcp --dport 3260 -m string --string "WRITE_SAME" --algo bm -j DROP

🧯 If You Can't Patch

  • Disable SCSI target services completely if not required
  • Implement strict network access controls to limit who can send SCSI commands to vulnerable systems

🔍 How to Verify

Check if Vulnerable:

Check kernel version and verify if SCSI target services are running: systemctl status target.service

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version is updated and test with sg_write_same --ndob command (should not crash)

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic messages in /var/log/kern.log or dmesg
  • SCSI command errors related to WRITE_SAME

Network Indicators:

  • SCSI WRITE_SAME commands with NDOB bit set on iSCSI port 3260
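
The network indicator above can be checked at the byte level. The following is an added example, not code from the advisory or from the kernel: it classifies one iSCSI Basic Header Segment and reports whether it carries a WRITE SAME(16) CDB with the NDOB bit set. It assumes cleartext iSCSI that has already been reassembled to PDU boundaries, covers only the 16-byte form of the command, and uses constructed sample headers; the function and constant names are illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ISCSI_BHS_LEN      48    /* Basic Header Segment length (RFC 7143) */
#define ISCSI_OP_SCSI_CMD  0x01  /* initiator opcode: SCSI Command */
#define ISCSI_CDB_OFFSET   32    /* CDB occupies BHS bytes 32..47 */
#define SCSI_WRITE_SAME_16 0x93  /* SBC opcode */
#define WS16_NDOB          0x01  /* CDB byte 1, bit 0 */

enum ws_verdict { WS_NOT_WRITE_SAME16, WS_NDOB_CLEAR, WS_NDOB_SET };

/* Classify one reassembled, cleartext iSCSI header. */
enum ws_verdict classify_bhs(const uint8_t *bhs, size_t len)
{
    if (bhs == NULL || len < ISCSI_BHS_LEN)
        return WS_NOT_WRITE_SAME16;          /* truncated capture */
    if ((bhs[0] & 0x3f) != ISCSI_OP_SCSI_CMD)
        return WS_NOT_WRITE_SAME16;          /* bit 6 is the Immediate flag */
    const uint8_t *cdb = bhs + ISCSI_CDB_OFFSET;
    if (cdb[0] != SCSI_WRITE_SAME_16)
        return WS_NOT_WRITE_SAME16;
    return (cdb[1] & WS16_NDOB) ? WS_NDOB_SET : WS_NDOB_CLEAR;
}

/* Constructed test header: all zero except iSCSI opcode and CDB bytes 0-1. */
void make_sample_bhs(uint8_t bhs[ISCSI_BHS_LEN], uint8_t iscsi_op,
                     uint8_t scsi_op, uint8_t cdb_byte1)
{
    memset(bhs, 0, ISCSI_BHS_LEN);
    bhs[0] = iscsi_op;
    bhs[ISCSI_CDB_OFFSET] = scsi_op;
    bhs[ISCSI_CDB_OFFSET + 1] = cdb_byte1;
}

int main(void)
{
    static const char *names[] = { "not WRITE SAME(16)", "NDOB clear", "NDOB set" };
    uint8_t bhs[ISCSI_BHS_LEN];

    make_sample_bhs(bhs, 0x01, 0x93, 0x01);  /* WRITE SAME(16), NDOB=1 */
    printf("sample 1: %s\n", names[classify_bhs(bhs, sizeof bhs)]);
    make_sample_bhs(bhs, 0x01, 0x93, 0x08);  /* WRITE SAME(16), UNMAP bit only */
    printf("sample 2: %s\n", names[classify_bhs(bhs, sizeof bhs)]);
    make_sample_bhs(bhs, 0x01, 0x2a, 0x01);  /* WRITE(10), unrelated opcode */
    printf("sample 3: %s\n", names[classify_bhs(bhs, sizeof bhs)]);
    return 0;
}
```

A sensor that cannot see inside the session (for example when iSCSI runs over IPsec) cannot apply this check, so the log indicators remain the fallback.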

SIEM Query:

source="kernel" AND "panic" AND ("WRITE_SAME" OR "SCSI")
