Linux Kernel SCSI iSCSI_TCP Socket Validation Vulnerability

A vulnerability in the Linux kernel's SCSI iSCSI_TCP implementation allows for improper socket validation, potentially leading to incorrect TCP connection values. This issue arises from a previous commit intended to fix a null pointer dereference, which inadvertently introduced the risk of inconsistent TCP connection parameters. The vulnerability has been addressed by revising the order of operations to ensure proper validation before assignment.

Impact

The vulnerability could cause a null pointer dereference, leading to a crash or undefined behavior in the iSCSI_TCP connection handling.

Reproduction

To reproduce this vulnerability, create an iSCSI_TCP connection and manipulate the socket parameter to introduce an invalid state. The connection handling will then process the invalid socket, leading to a null pointer dereference when the system attempts to retrieve the peer name, causing a crash.

Remediation

Users can upgrade to the latest stable version of the Linux kernel, where this vulnerability has been fixed.