A vulnerability was found in sg_write in drivers/scsi/sg.c in SCSI generic (sg) driver subsystem. An attacker with a local access and special user privilege (or root) can cause a denial of service (DoS) if allocated list is not cleaned with invalid (Sg_fd * sfp) pointer at the time of failure, failing this can even cause a kernel internal information leak problem.
Reference and upstream commit:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1834847]
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.