Impact
The vulnerability stems from an integer overflow in the Linux kernel's SCSI target core when processing UNMAP commands. The sbc_execute_unmap function adds the logical block address (LBA) to the requested range without protecting against a 64‑bit overflow, allowing the sum to wrap around and bypass the bounds check that ensures the target does not exceed device capacity. Based on the description, it is inferred that this unchecked overflow could lead to kernel memory corruption and a potential system crash, although the description does not explicitly confirm such an outcome.
Affected Systems
Any Linux kernel release that does not contain the patch commit that adds the overflow guard to sbc_execute_unmap is affected. This includes standard distribution kernels as well as custom or in‑house builds that ship the vulnerable kernel. The defect exists in the generic SCSI target core, so all devices that expose SCSI UNMAP commands to the kernel fall under this risk.
Risk and Exploitability
TheSS score is 7.0, reflecting moderate to high severity. The EPSS score is < 1 %, indicating a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, exploitation requires the ability to send crafted UNMAP requests to a SCSI target, which typically necessitates local or device‑level access. No public exploitation has been documented and the description does not confirm successful memory corruption, so the risk remains theoretical and depends on an attacker’s capability to issue UNMAP commands.
OpenCVE Enrichment
Debian DLA