Upstream information

CVE-2023-53676 at MITRE

Description

In the Linux kernel, the following vulnerability has been resolved:

scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()

The function lio_target_nacl_info_show() uses sprintf() in a loop to print
details for every iSCSI connection in a session without checking for the
buffer length. With enough iSCSI connections it's possible to overflow the
buffer provided by configfs and corrupt the memory.

This patch replaces sprintf() with sysfs_emit_at() that checks for buffer
boundries.

SUSE information

Overall state of this security issue: New

This issue is currently rated as having not set severity.

SUSE Bugzilla entry: 1251786 [NEW]

No SUSE Security Announcements cross referenced.


SUSE Timeline for this CVE

CVE page created: Tue Oct 7 20:01:28 2025
CVE page last modified: Wed Oct 8 22:10:11 2025