{"id":"CVE-2022-50215","summary":"scsi: sg: Allow waiting for commands to complete on removed device","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: sg: Allow waiting for commands to complete on removed device\n\nWhen a SCSI device is removed while in active use, currently sg will\nimmediately return -ENODEV on any attempt to wait for active commands that\nwere sent before the removal.  This is problematic for commands that use\nSG_FLAG_DIRECT_IO since the data buffer may still be in use by the kernel\nwhen userspace frees or reuses it after getting ENODEV, leading to\ncorrupted userspace memory (in the case of READ-type commands) or corrupted\ndata being sent to the device (in the case of WRITE-type commands).  This\nhas been seen in practice when logging out of a iscsi_tcp session, where\nthe iSCSI driver may still be processing commands after the device has been\nmarked for removal.\n\nChange the policy to allow userspace to wait for active sg commands even\nwhen the device is being removed.  Return -ENODEV only when there are no\nmore responses to read.","modified":"2026-04-11T12:44:54.850295Z","published":"2025-06-18T11:03:52.197Z","related":["SUSE-SU-2025:02264-1","SUSE-SU-2025:02308-1","SUSE-SU-2025:02320-1","SUSE-SU-2025:02321-1","SUSE-SU-2025:02322-1","SUSE-SU-2025:02334-1","SUSE-SU-2025:02537-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50215.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/03d8241112d5e3cccce1a01274a221099f07d2e1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3455607fd7be10b449f5135c00dc306b85dc0d21"},{"type":"WEB","url":"https://git.kernel.org/stable/c/35e60ec39e862159cb92923eefd5230d4a873cb9"},{"type":"WEB","url":"https://git.kernel.org/stable/c/408bfa1489a3cfe7150b81ab0b0df99b23dd5411"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8c004b7dbb340c1e5889f5fb9e5baa6f6e5303e8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bbc118acf7baf9e93c5e1314d14f481301af4d0f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ed9afd967cbfe7da2dc0d5e52c62a778dfe9f16b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f135c65085eed869d10e4e7923ce1015288618da"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f5e61d9b4a699dd16f32d5f39eb1cf98d84c92ed"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/50xxx/CVE-2022-50215.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-50215"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c6517b7942fad663cc1cf3235cbe4207cf769332"},{"fixed":"bbc118acf7baf9e93c5e1314d14f481301af4d0f"},{"fixed":"f5e61d9b4a699dd16f32d5f39eb1cf98d84c92ed"},{"fixed":"ed9afd967cbfe7da2dc0d5e52c62a778dfe9f16b"},{"fixed":"f135c65085eed869d10e4e7923ce1015288618da"},{"fixed":"408bfa1489a3cfe7150b81ab0b0df99b23dd5411"},{"fixed":"8c004b7dbb340c1e5889f5fb9e5baa6f6e5303e8"},{"fixed":"35e60ec39e862159cb92923eefd5230d4a873cb9"},{"fixed":"03d8241112d5e3cccce1a01274a221099f07d2e1"},{"fixed":"3455607fd7be10b449f5135c00dc306b85dc0d21"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"a0fe972f78eaaf352d593f9ed9079de590ceb286"},{"last_affected":"b21c6d2897cd455fa396f4041a0c8165784e949f"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50215.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.30"},{"fixed":"4.9.326"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.10.0"},{"fixed":"4.14.291"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.15.0"},{"fixed":"4.19.256"}]},{"type":"ECOSYSTEM","events":[{"introduced":"4.20.0"},{"fixed":"5.4.211"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.137"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.61"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"5.18.18"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.19.0"},{"fixed":"5.19.2"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-50215.json"}}],"schema_version":"1.7.5"}