CVE-2025-39998

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/10/2025
Last modified:
16/10/2025

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: target: target_core_configfs: Add length check to avoid buffer overflow<br /> <br /> A buffer overflow arises from the usage of snprintf to write into the<br /> buffer "buf" in target_lu_gp_members_show function located in<br /> /drivers/target/target_core_configfs.c. This buffer is allocated with<br /> size LU_GROUP_NAME_BUF (256 bytes).<br /> <br /> snprintf(...) formats multiple strings into buf with the HBA name<br /> (hba-&gt;hba_group.cg_item), a slash character, a devicename (dev-&gt;<br /> dev_group.cg_item) and a newline character, the total formatted string<br /> length may exceed the buffer size of 256 bytes.<br /> <br /> Since snprintf() returns the total number of bytes that would have been<br /> written (the length of %s/%sn ), this value may exceed the buffer length<br /> (256 bytes) passed to memcpy(), this will ultimately cause function<br /> memcpy reporting a buffer overflow error.<br /> <br /> An additional check of the return value of snprintf() can avoid this<br /> buffer overflow.

Impact