CVE-2026-46149

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A buffer overflow occurs in the target tg pt gp members show() function when formatting LUN paths using snprintf() into a 256-byte stack buffer. Because iSCSI IQN names can reach 223 bytes, the return value of snprintf() may exceed the buffer size. The subsequent memcpy() operation reads past the stack buffer based on this return value, potentially copying adjacent stack contents to the sysfs reader. When CONFIG FORTIFY SOURCE is enabled, this action triggers fortify panic().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.