{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T03:11:40.393","vulnerabilities":[{"cve":{"id":"CVE-2022-50215","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-06-18T11:15:52.423","lastModified":"2025-11-19T12:59:55.530","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: sg: Allow waiting for commands to complete on removed device\n\nWhen a SCSI device is removed while in active use, currently sg will\nimmediately return -ENODEV on any attempt to wait for active commands that\nwere sent before the removal.  This is problematic for commands that use\nSG_FLAG_DIRECT_IO since the data buffer may still be in use by the kernel\nwhen userspace frees or reuses it after getting ENODEV, leading to\ncorrupted userspace memory (in the case of READ-type commands) or corrupted\ndata being sent to the device (in the case of WRITE-type commands).  This\nhas been seen in practice when logging out of a iscsi_tcp session, where\nthe iSCSI driver may still be processing commands after the device has been\nmarked for removal.\n\nChange the policy to allow userspace to wait for active sg commands even\nwhen the device is being removed.  Return -ENODEV only when there are no\nmore responses to read."},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: sg: Permitir esperar a que se completen los comandos en el dispositivo eliminado Cuando se elimina un dispositivo SCSI mientras está en uso activo, actualmente sg devolverá inmediatamente -ENODEV en cualquier intento de esperar los comandos activos que se enviaron antes de la eliminación. Esto es problemático para los comandos que usan SG_FLAG_DIRECT_IO ya que el búfer de datos puede seguir en uso por el kernel cuando el espacio de usuario lo libera o lo reutiliza después de obtener ENODEV, lo que lleva a la memoria del espacio de usuario dañada (en el caso de comandos de tipo READ) o al envío de datos dañados al dispositivo (en el caso de comandos de tipo WRITE). Esto se ha visto en la práctica al cerrar sesión en una sesión iscsi_tcp, donde el controlador iSCSI puede seguir procesando comandos después de que el dispositivo se haya marcado para su eliminación. Cambie la política para permitir que el espacio de usuario espere comandos sg activos incluso cuando se esté eliminando el dispositivo. Devuelva -ENODEV solo cuando no haya más respuestas para leer."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionEndExcluding":"4.9.326","matchCriteriaId":"5B4EA906-CFF9-4D4A-AFD7-43AC02C77E48"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.10","versionEndExcluding":"4.14.291","matchCriteriaId":"3BBC7E43-6161-4F21-977C-5BB7792C6C94"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.15","versionEndExcluding":"4.19.256","matchCriteriaId":"6C47CDE3-B039-4AE5-B8E4-1DC820E473FF"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.20","versionEndExcluding":"5.4.211","matchCriteriaId":"B1C63D19-C08C-4308-A848-B2523C9275BD"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.137","matchCriteriaId":"C2BF720F-C5EE-4DE2-9BDF-CE4CFBC767F4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.11","versionEndExcluding":"5.15.61","matchCriteriaId":"51861563-7F40-460F-82CD-2D3FBDAD6618"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.16","versionEndExcluding":"5.18.18","matchCriteriaId":"5B42E453-8837-49D0-A5EF-03F818A6DC11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.19","versionEndExcluding":"5.19.2","matchCriteriaId":"A1A2A5A5-4598-4D7E-BA07-4660398D6C8F"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/03d8241112d5e3cccce1a01274a221099f07d2e1","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/3455607fd7be10b449f5135c00dc306b85dc0d21","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/35e60ec39e862159cb92923eefd5230d4a873cb9","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/408bfa1489a3cfe7150b81ab0b0df99b23dd5411","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/8c004b7dbb340c1e5889f5fb9e5baa6f6e5303e8","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/bbc118acf7baf9e93c5e1314d14f481301af4d0f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/ed9afd967cbfe7da2dc0d5e52c62a778dfe9f16b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f135c65085eed869d10e4e7923ce1015288618da","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/f5e61d9b4a699dd16f32d5f39eb1cf98d84c92ed","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}}]}