CVE-2022-21546: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-21546 is a vulnerability in the Linux kernel's SCSI target subsystem, specifically related to the WRITE_SAME functionality. The vulnerability was initially reserved on November 15, 2021, and later disclosed with patches in September 2022. The issue affects the SCSI target subsystem where the NDOB (No Data Buffer) bit indicates no data buffer is written out (MITRE CVE, Oracle Bulletin).

The vulnerability occurs when commands like 'sgwritesame --ndob' are executed, causing a crash in targetcoreiblock/file's executewritesame handlers when attempting to access secmd->tdata_sg because it's NULL. The vulnerability has been assigned a CVSS v3.1 base score of 7.7 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H, indicating a network attack vector with low attack complexity (Wiz).

When exploited, this vulnerability primarily affects system availability by causing system crashes. According to the CVSS metrics, while there is no impact on confidentiality or integrity, the vulnerability has a significant impact on system availability (Wiz).

Oracle has released patches for multiple versions of their systems including Oracle Linux 6, 7, 8, 9, and Oracle VM version 3, all concerning the kernel-uek component. These patches were made available through various security advisories (ELSA) released in September 2022 (Oracle Bulletin).