Upstream information
Description
In the Linux kernel, the following vulnerability has been resolved:scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()
The function lio_target_nacl_info_show() uses sprintf() in a loop to print
details for every iSCSI connection in a session without checking for the
buffer length. With enough iSCSI connections it's possible to overflow the
buffer provided by configfs and corrupt the memory.
This patch replaces sprintf() with sysfs_emit_at() that checks for buffer
boundries.
SUSE information
Overall state of this security issue: New
This issue is currently rated as having not set severity.
SUSE Bugzilla entry: 1251786 [NEW] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Tue Oct 7 20:01:28 2025CVE page last modified: Wed Oct 8 22:10:11 2025