CVE-2025-39998

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A buffer overflow issue exists in the Linux kernel’s SCSI target core configuration file system. The issue stems from the use of snprintf to write into a buffer named buf within the target lu gp members show function, located in /drivers/target/target core configfs.c. The snprintf function formats multiple strings, including the HBA name (hba->hba group.cg item), a slash character, a device name (dev->dev group.cg item), and a newline character, into the buffer. The combined length of these formatted strings can exceed the buffer’s allocated size of 256 bytes. The return value of snprintf is not checked, potentially leading to a buffer overflow when used with memcpy.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.