{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-39998","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-04-16T07:20:57.151Z","datePublished":"2025-10-15T07:58:22.354Z","dateUpdated":"2026-05-11T21:40:29.848Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:40:29.848Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: target_core_configfs: Add length check to avoid buffer overflow\n\nA buffer overflow arises from the usage of snprintf to write into the\nbuffer \"buf\" in target_lu_gp_members_show function located in\n/drivers/target/target_core_configfs.c. This buffer is allocated with\nsize LU_GROUP_NAME_BUF (256 bytes).\n\nsnprintf(...) formats multiple strings into buf with the HBA name\n(hba->hba_group.cg_item), a slash character, a devicename (dev->\ndev_group.cg_item) and a newline character, the total formatted string\nlength may exceed the buffer size of 256 bytes.\n\nSince snprintf() returns the total number of bytes that would have been\nwritten (the length of %s/%sn ), this value may exceed the buffer length\n(256 bytes) passed to memcpy(), this will ultimately cause function\nmemcpy reporting a buffer overflow error.\n\nAn additional check of the return value of snprintf() can avoid this\nbuffer overflow."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/target/target_core_configfs.c"],"versions":[{"version":"c66ac9db8d4ad9994a02b3e933ea2ccc643e1fe5","lessThan":"e6eeee5dc0d9221ff96d1b229b1d0222c8871b84","status":"affected","versionType":"git"},{"version":"c66ac9db8d4ad9994a02b3e933ea2ccc643e1fe5","lessThan":"764a91e2fc9639e07aac93bc70e387e6b1e33084","status":"affected","versionType":"git"},{"version":"c66ac9db8d4ad9994a02b3e933ea2ccc643e1fe5","lessThan":"ddc79fba132b807ff775467acceaf48b456e008b","status":"affected","versionType":"git"},{"version":"c66ac9db8d4ad9994a02b3e933ea2ccc643e1fe5","lessThan":"e73fe0eefac3e15bf88fb5b4afae4c76215ee4d4","status":"affected","versionType":"git"},{"version":"c66ac9db8d4ad9994a02b3e933ea2ccc643e1fe5","lessThan":"f03aa5e39da7d045615b3951d2a6ca1d7132f881","status":"affected","versionType":"git"},{"version":"c66ac9db8d4ad9994a02b3e933ea2ccc643e1fe5","lessThan":"53c6351597e6a17ec6619f6f060d54128cb9a187","status":"affected","versionType":"git"},{"version":"c66ac9db8d4ad9994a02b3e933ea2ccc643e1fe5","lessThan":"4b292286949588bd2818e66ff102db278de8dd26","status":"affected","versionType":"git"},{"version":"c66ac9db8d4ad9994a02b3e933ea2ccc643e1fe5","lessThan":"a150275831b765b0f1de8b8ff52ec5c6933ac15d","status":"affected","versionType":"git"},{"version":"c66ac9db8d4ad9994a02b3e933ea2ccc643e1fe5","lessThan":"27e06650a5eafe832a90fd2604f0c5e920857fae","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/target/target_core_configfs.c"],"versions":[{"version":"2.6.38","status":"affected"},{"version":"0","lessThan":"2.6.38","status":"unaffected","versionType":"semver"},{"version":"5.4.301","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.246","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.195","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.156","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.110","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.51","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.16.11","lessThanOrEqual":"6.16.*","status":"unaffected","versionType":"semver"},{"version":"6.17.1","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"5.4.301"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"5.10.246"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"5.15.195"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"6.1.156"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"6.6.110"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"6.12.51"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"6.16.11"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"6.17.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"2.6.38","versionEndExcluding":"6.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/e6eeee5dc0d9221ff96d1b229b1d0222c8871b84"},{"url":"https://git.kernel.org/stable/c/764a91e2fc9639e07aac93bc70e387e6b1e33084"},{"url":"https://git.kernel.org/stable/c/ddc79fba132b807ff775467acceaf48b456e008b"},{"url":"https://git.kernel.org/stable/c/e73fe0eefac3e15bf88fb5b4afae4c76215ee4d4"},{"url":"https://git.kernel.org/stable/c/f03aa5e39da7d045615b3951d2a6ca1d7132f881"},{"url":"https://git.kernel.org/stable/c/53c6351597e6a17ec6619f6f060d54128cb9a187"},{"url":"https://git.kernel.org/stable/c/4b292286949588bd2818e66ff102db278de8dd26"},{"url":"https://git.kernel.org/stable/c/a150275831b765b0f1de8b8ff52ec5c6933ac15d"},{"url":"https://git.kernel.org/stable/c/27e06650a5eafe832a90fd2604f0c5e920857fae"}],"title":"scsi: target: target_core_configfs: Add length check to avoid buffer overflow","x_generator":{"engine":"bippy-1.2.0"}}}}