Bottlerocket: bottlerocket-kernel-5.15, kernel-5.15: security update to 5.15.184

high Tenable Cloud Security Plugin ID 428254

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITE_SAME No Data
Buffer crash In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer
that gets written out. If this bit is set using commands like "sg_write_same --ndob" we will crash in
target_core_iblock/file's execute_write_same handlers when we go to access the se_cmd->t_data_sg because
its NULL. This patch adds a check for the NDOB bit in the common WRITE SAME code because we don't support
it. And, it adds a check for zero SG elements in each handler in case the initiator tries to send a normal
WRITE SAME with no data buffer. (CVE-2022-21546)

Plugin Details

Severity: High

ID: 428254

Version: Revision 1.6

Type: Local

Published: 6/30/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.9

Percentile: 97.22

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-21546

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/2/2025

Reference Information

CVE: CVE-2022-21546