CVE-2025-39998
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/10/2025
Last modified:
16/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:

scsi: target: target_core_configfs: Add length check to avoid buffer overflow

A buffer overflow arises from the usage of snprintf to write into the
buffer "buf" in target_lu_gp_members_show function located in
/drivers/target/target_core_configfs.c. This buffer is allocated with
size LU_GROUP_NAME_BUF (256 bytes).

snprintf(...) formats multiple strings into buf with the HBA name
(hba->hba_group.cg_item), a slash character, a devicename
(dev->dev_group.cg_item) and a newline character, the total formatted string
length may exceed the buffer size of 256 bytes.

Since snprintf() returns the total number of bytes that would have been
written (the length of "%s/%s\n"), this value may exceed the buffer length
(256 bytes) passed to memcpy(), this will ultimately cause function
memcpy reporting a buffer overflow error.

An additional check of the return value of snprintf() can avoid this
buffer overflow.
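
The pattern described above, as an added user-space illustration (not the kernel patch and not code from this advisory): snprintf() reports the untruncated length, so that value has to be checked against the buffer size before it is used as a memcpy() length. The names append_member, fill, reported_len and checked_append and the sample strings are constructed for this example; only LU_GROUP_NAME_BUF and the "%s/%s\n" format come from the description.

```c
#include <stdio.h>
#include <string.h>

#define LU_GROUP_NAME_BUF 256 /* buffer size named in the advisory */

/* Hypothetical helper: append "hba/dev\n" to page at offset len.
 * Returns the new length, or -1 if the entry was truncated or does not fit. */
static long append_member(char *page, size_t page_sz, size_t len,
                          const char *hba, const char *dev)
{
    char buf[LU_GROUP_NAME_BUF];
    /* snprintf() returns the length the full string WOULD have had,
     * not the number of bytes actually stored in buf. */
    int cur_len = snprintf(buf, sizeof(buf), "%s/%s\n", hba, dev);

    /* The added check: without it, cur_len can exceed sizeof(buf) and the
     * memcpy() below would read past the end of buf. */
    if (cur_len < 0 || (size_t)cur_len >= sizeof(buf))
        return -1;
    if (len + (size_t)cur_len > page_sz)
        return -1;
    memcpy(page + len, buf, (size_t)cur_len);
    return (long)(len + (size_t)cur_len);
}

/* Constructed input: a name of n 'a' characters (n <= 511). */
static void fill(char *s, size_t n) { memset(s, 'a', n); s[n] = '\0'; }

/* What snprintf() reports for two n-character names in a 256-byte buffer. */
static int reported_len(size_t n)
{
    char hba[512], dev[512], buf[LU_GROUP_NAME_BUF];
    fill(hba, n); fill(dev, n);
    return snprintf(buf, sizeof(buf), "%s/%s\n", hba, dev);
}

/* Result of the checked append for the same constructed names. */
static long checked_append(size_t n)
{
    char hba[512], dev[512], page[4096];
    fill(hba, n); fill(dev, n);
    return append_member(page, sizeof(page), 0, hba, dev);
}

int main(void)
{
    printf("n=8:   snprintf=%d append=%ld\n", reported_len(8), checked_append(8));
    printf("n=200: snprintf=%d append=%ld\n", reported_len(200), checked_append(200));
    return 0;
}
```

With two 200-character names snprintf() reports 402 although buf holds only 255 characters plus the terminator; the checked path rejects that entry instead of copying 402 bytes.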
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/27e06650a5eafe832a90fd2604f0c5e920857fae
- https://git.kernel.org/stable/c/4b292286949588bd2818e66ff102db278de8dd26
- https://git.kernel.org/stable/c/53c6351597e6a17ec6619f6f060d54128cb9a187
- https://git.kernel.org/stable/c/a150275831b765b0f1de8b8ff52ec5c6933ac15d
- https://git.kernel.org/stable/c/e73fe0eefac3e15bf88fb5b4afae4c76215ee4d4
- https://git.kernel.org/stable/c/f03aa5e39da7d045615b3951d2a6ca1d7132f881