Wind River Support Network

Acknowledged

LIN1024-12837 : Security Advisory - linux - CVE-2025-39998

Created: Oct 16, 2025    Updated: Oct 17, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: target_core_configfs: Add length check to avoid buffer overflow

A buffer overflow arises from the usage of snprintf to write into the buffer "buf" in the target_lu_gp_members_show function located in /drivers/target/target_core_configfs.c. This buffer is allocated with size LU_GROUP_NAME_BUF (256 bytes).

snprintf(...) formats multiple strings into buf with the HBA name (hba->hba_group.cg_item), a slash character, a device name (dev->dev_group.cg_item) and a newline character; the total formatted string length may exceed the buffer size of 256 bytes.

Since snprintf() returns the total number of bytes that would have been written (the length of "%s/%s\n"), this value may exceed the buffer length (256 bytes) passed to memcpy(); this will ultimately cause memcpy to report a buffer overflow error.

An additional check of the return value of snprintf() can avoid this buffer overflow.
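The pattern behind this advisory, as an added user-space model rather than the kernel's own code: snprintf() reports the length the whole string would have had, so feeding that value to memcpy() as a byte count reads past a 256-byte buffer as soon as the names are long. The struct, the member names (iblock_*, lun_*, the 199-byte constructed names), DEMO_PAGE_SIZE and the stop-on-first-oversized-entry policy are assumptions made for this example; only LU_GROUP_NAME_BUF and the "%s/%s\n" format come from the advisory.

```c
/* Constructed example modelling the snprintf()/memcpy() mistake above.
 * Not the kernel's code: struct, names and the page loop are stand-ins.
 * Build: cc -Wall -O2 -o lu_gp_demo lu_gp_demo.c && ./lu_gp_demo */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LU_GROUP_NAME_BUF 256   /* per-entry scratch buffer, size named in the advisory */
#define DEMO_PAGE_SIZE   4096   /* output page the entries are concatenated into (assumed) */

/* Stand-in for one LU group member: the HBA name and the device name. */
struct member {
    const char *hba_name;
    const char *dev_name;
};

/* Unchecked pattern. snprintf() returns the length the full "%s/%s\n" string
 * WOULD have had, not how many bytes fit in buf. Using that as a memcpy()
 * byte count reads past buf for long names. We only compute the value here;
 * doing memcpy(page, buf, ret) with ret > sizeof(buf) is the bug itself. */
size_t unchecked_copy_len(const struct member *m)
{
    char buf[LU_GROUP_NAME_BUF];
    int ret = snprintf(buf, sizeof(buf), "%s/%s\n", m->hba_name, m->dev_name);
    return ret < 0 ? 0 : (size_t)ret;
}

/* Hardened pattern: validate snprintf()'s return before it becomes a byte
 * count. ret < 0 is an encoding error; ret >= sizeof(buf) means buf holds
 * only a truncated entry. This model stops at the first entry that does not
 * fit (a policy choice here); skipping it would be equally memory-safe.
 * Returns the number of bytes written into page (NUL-terminated). */
size_t build_members_page(const struct member *members, size_t n,
                          char *page, size_t page_size, bool *truncated)
{
    char buf[LU_GROUP_NAME_BUF];
    size_t len = 0;

    *truncated = false;
    page[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        int ret = snprintf(buf, sizeof(buf), "%s/%s\n",
                           members[i].hba_name, members[i].dev_name);
        if (ret < 0 || (size_t)ret >= sizeof(buf)) {
            *truncated = true;                  /* the missing length check */
            break;
        }
        size_t cur_len = (size_t)ret;           /* now guaranteed < sizeof(buf) */
        if (len + cur_len + 1 > page_size) {    /* keep room for the final NUL */
            *truncated = true;
            break;
        }
        memcpy(page + len, buf, cur_len);
        len += cur_len;
        page[len] = '\0';
    }
    return len;
}

/* Constructed inputs: two short members and one whose names alone exceed
 * LU_GROUP_NAME_BUF bytes (199 'H' + '/' + 199 'D' + '\n' = 400). */
static char g_long_hba[200], g_long_dev[200];
static char g_page[DEMO_PAGE_SIZE];
static bool g_truncated;

static void init_long_names(void)
{
    memset(g_long_hba, 'H', sizeof(g_long_hba) - 1);
    memset(g_long_dev, 'D', sizeof(g_long_dev) - 1);
    g_long_hba[sizeof(g_long_hba) - 1] = '\0';
    g_long_dev[sizeof(g_long_dev) - 1] = '\0';
}

/* Byte count the unchecked code would hand to memcpy() for the oversized member. */
size_t demo_oversized_len(void)
{
    init_long_names();
    struct member m = { g_long_hba, g_long_dev };
    return unchecked_copy_len(&m);
}

/* Runs the hardened loop over the constructed list; results via demo_page()/demo_truncated(). */
size_t demo_build_page(void)
{
    init_long_names();
    const struct member members[] = {
        { "iblock_0", "lun_a" },
        { "iblock_1", "lun_b" },
        { g_long_hba, g_long_dev },   /* does not fit in buf: loop stops here */
        { "iblock_2", "lun_c" },      /* not reached */
    };
    return build_members_page(members, sizeof(members) / sizeof(members[0]),
                              g_page, sizeof(g_page), &g_truncated);
}

const char *demo_page(void) { return g_page; }
bool demo_truncated(void) { return g_truncated; }

int main(void)
{
    printf("unchecked memcpy length for oversized entry: %zu (buf is %d bytes)\n",
           demo_oversized_len(), LU_GROUP_NAME_BUF);
    size_t len = demo_build_page();
    printf("hardened page (%zu bytes, truncated=%d):\n%s", len, (int)demo_truncated(), demo_page());
    return 0;
}
```

The unchecked function returns 400 for the oversized member, which is the length the vulnerable loop would have passed to memcpy() against a 256-byte source buffer; the hardened loop emits the two well-formed entries, flags the truncation, and never copies more than sizeof(buf) - 1 bytes from buf.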