Impact
The vulnerability resides in the SCSI generic (sg) kernel module, allowing a user to set the module parameter def_reserved_size to an out‑of‑range value, such as –1. The lack of input validation permits this breach, which then leads the kernel to allocate an invalid buffer size when opening an /dev/sgX device. This misbehaviour manifests as a soft lockup, where a CPU core is observed stuck for extended periods, effectively crippling the system until a reboot or kernel recovery. The issue does not expose code execution or information disclosure; its primary impact is a denial‑of‑service that can affect the kernel’s responsiveness and availability.
Affected Systems
All Linux kernel releases that include the sg module with the vulnerable def_reserved_size handling are affected, as the flaw is present in the upstream kernel distribution. Specific affected kernel release numbers are not enumerated in the current data, so systems running any kernel version that compiles or loads the sg module should be considered potentially vulnerable.
Risk and Exploitability
The vulnerability requires local access to modify the sysfs parameter /sys/module/sg/parameters/def_reserved_size, which typically demands root or elevated privileges. Once set to an invalid value and followed by opening an sg device, a non‑preemptive kernel may experience a soft lockup, effectively causing a DoS. The CVSS score of 5.5 indicates moderate severity. EPSS is < 1%, and the flaw is not listed in the CISA KEV catalog, but its impact is significant due to the kernel lockup. The exploit requires privileged local access and the attacker must have the ability to write to the module parameter before triggering the lockup.
OpenCVE Enrichment
Debian DLA