Buffer Overflow Vulnerability in Linux Kernel SCSI Target Configuration
CVE-2025-39998

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 15 October 2025

What is CVE-2025-39998?

A buffer overflow vulnerability has been identified in the Linux kernel's SCSI target subsystem. It occurs in the target_lu_gp_members_show function in target_core_configfs.c, where snprintf writes into a fixed-size buffer (LU_GROUP_NAME_BUF, 256 bytes). snprintf truncates what it writes to the buffer size, but its return value is the length the complete formatted string would have had. If that total formatted length exceeds the allocated buffer size, memory operations involving memcpy that rely on it can overflow. An additional length check on the return value of snprintf mitigates this risk.
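A userspace model of the pattern described above, added here as an example; it is not the kernel source or the upstream patch. NAME_BUF, PAGE_SZ, the function names and the sample device names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 256   /* assumed stand-in for the 256-byte LU_GROUP_NAME_BUF */
#define PAGE_SZ  4096  /* assumed size of the output page */

/* Returns the byte count unchecked code would hand to memcpy(). */
static int unchecked_copy_len(const char *hba, const char *dev)
{
    char buf[NAME_BUF];
    /* snprintf limits the write to sizeof(buf) but returns the length
     * the complete string would have had. */
    return snprintf(buf, sizeof(buf), "%s/%s\n", hba, dev);
}

/* Hardened: append one "hba/dev\n" line to page and return the new length.
 * A truncated name or a full page leaves the page untouched. */
static size_t append_member(char *page, size_t len,
                            const char *hba, const char *dev)
{
    char buf[NAME_BUF];
    int cur_len = snprintf(buf, sizeof(buf), "%s/%s\n", hba, dev);

    if (cur_len < 0 || (size_t)cur_len >= sizeof(buf))
        return len;                    /* output was truncated */
    if (len + (size_t)cur_len > PAGE_SZ)
        return len;                    /* no room left in the page */
    memcpy(page + len, buf, (size_t)cur_len);
    return len + (size_t)cur_len;
}

int main(void)
{
    char page[PAGE_SZ];
    char long_dev[301];                /* constructed 300-byte name */
    memset(long_dev, 'A', 300);
    long_dev[300] = '\0';

    printf("unchecked memcpy length: %d (buffer holds %d)\n",
           unchecked_copy_len("iblock_0", long_dev), NAME_BUF);
    size_t len = append_member(page, 0, "iblock_0", "disk0");
    len = append_member(page, len, "iblock_0", long_dev);
    printf("hardened page length: %zu\n", len);
    return 0;
}
```

The unchecked length is computed but never used for a copy here, so the program shows the mismatch without performing the overflow.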

Affected Version(s)

Linux c66ac9db8d4ad9994a02b3e933ea2ccc643e1fe5

Linux c66ac9db8d4ad9994a02b3e933ea2ccc643e1fe5 < 764a91e2fc9639e07aac93bc70e387e6b1e33084

Timeline

  • Vulnerability published

  • Vulnerability Reserved