Linux Kernel SCSI Target Component AIO Command Initialization Vulnerability

Vulnerability

A vulnerability exists in the Linux kernel's SCSI target component, specifically in target_core_file. The component does not properly initialize the asynchronous I/O command's I/O control block, so its write stream value is left unset. The write stream can then hold an incorrect value, and writes fail unintentionally when that value is checked against the maximum thresholds in the block device. The vulnerability affects the Linux kernel stable tree.

Impact

The vulnerability can cause incorrect write operation statuses, leading to unintended write failures in the block device.

Reproduction

The vulnerability can be reproduced by executing a write command that uses asynchronous I/O. target_core_file fails to initialize the write stream correctly, leaving a faulty stream value. When the write stream is checked against the maximum allowed streams in the block device, the check incorrectly reports a write failure.

Remediation

The vulnerability has been addressed by modifying the allocation of the asynchronous I/O command to use a safer memory allocation function that initializes the command properly. Users can apply the latest patches available in the Linux kernel stable tree to mitigate this issue.
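
The failure mode and the fix can be modelled in user space. The following is an added example, not code from the kernel or from this advisory: every struct, function and constant name is hypothetical, the 0xA5 fill is a constructed stand-in for stale heap content, and it assumes the "safer" allocation is one that zeroes the memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the I/O control block inside the AIO command. */
struct model_iocb {
    uint64_t pos;          /* file offset, set by the submitter */
    uint32_t flags;        /* set by the submitter */
    uint8_t  write_stream; /* never set by the submitter: the bug */
};

struct model_aio_cmd {
    struct model_iocb iocb;
    size_t len;
};

#define MODEL_MAX_WRITE_STREAMS 0 /* constructed: device exposes no write streams */

/* Models a non-zeroing allocator: memory comes back holding stale bytes. */
static void *alloc_dirty(size_t n) {
    void *p = malloc(n);
    if (p) memset(p, 0xA5, n); /* constructed stale heap content */
    return p;
}

/* Models a zeroing allocator (assumed shape of the fix described above). */
static void *alloc_zeroed(size_t n) { return calloc(1, n); }

/* Block-device side: reject a write whose stream exceeds the maximum. */
static int model_bdev_write(const struct model_iocb *iocb) {
    return iocb->write_stream > MODEL_MAX_WRITE_STREAMS ? -1 : 0;
}

/* Submit path: fills in only the fields it knows about, as in the flaw. */
static int submit_write(void *(*alloc)(size_t), uint64_t pos, size_t len) {
    struct model_aio_cmd *cmd = alloc(sizeof(*cmd));
    if (!cmd) return -2;
    cmd->len = len;
    cmd->iocb.pos = pos;
    cmd->iocb.flags = 0;
    int rc = model_bdev_write(&cmd->iocb); /* sees whatever write_stream holds */
    free(cmd);
    return rc;
}

int main(void) {
    printf("dirty allocation:  %d\n", submit_write(alloc_dirty, 4096, 512));
    printf("zeroed allocation: %d\n", submit_write(alloc_zeroed, 4096, 512));
    return 0;
}
```

The same submit path fails or succeeds depending only on what the allocator left in the field nobody assigned, which is why zeroing the allocation also covers fields added to the structure later.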

Added: May 1, 2026, 3:24 PM
Updated: May 1, 2026, 3:24 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 6.8
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.