{"id":58499,"date":"2026-05-30T07:58:55","date_gmt":"2026-05-30T07:58:55","guid":{"rendered":"https:\/\/zero.redgem.net\/?p=58499"},"modified":"2026-05-30T07:58:55","modified_gmt":"2026-05-30T07:58:55","slug":"scsi-target-configfs-bound-snprintf-return-in-tgptgpmembersshow","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=58499","title":{"rendered":"scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()_CVE-2026-46149"},"content":{"rendered":"

{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()\\n\\ntarget_tg_pt_gp_members_show() formats LUN paths with snprintf() into a\\n256-byte stack buffer, then will memcpy() cur_len bytes from that\\nbuffer. snprintf() returns the length the output would have had, which\\ncan exceed the buffer size when the fabric WWN is long because iSCSI IQN\\nnames can be up to 223 bytes. The check at the memcpy() site only\\nguards the destination page write, not the source read, so memcpy() will\\nread past the stack buffer and copy adjacent stack contents to the sysfs\\nreader, which when CONFIG_FORTIFY_SOURCE is enabled, fortify_panic()\\nwill be triggered.\\n\\nCommit 27e06650a5ea (\\”scsi: target: target_core_configfs: Add length\\ncheck to avoid buffer overflow\\”) added the same bound to the\\ntarget_lu_gp_members_show() but the tg_pt_gp variant was missed so\\nresolve that here.”,”published”:”2026-05-28T09:36:05.706Z”,”modified”:”2026-05-30T10:48:20.045Z”,”type”:”cve”,”title”:”scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()”,”source”:”Linux”,”references”:”https:\/\/git.kernel.org\/stable\/c\/1f678d13e939f91840cb1ebe9b88544923539d3c\\nhttps:\/\/git.kernel.org\/stable\/c\/72cc5ea7ef32bb5fa38bf0dd2e56fcd73aa8c89e\\nhttps:\/\/git.kernel.org\/stable\/c\/00d91bfdce5033f5d9b4915638ae9b0553848b5d\\nhttps:\/\/git.kernel.org\/stable\/c\/e501154f9d82c95d2719bcbbaf679d8fd3226ef7\\nhttps:\/\/git.kernel.org\/stable\/c\/772a896a56e0e3ef9424a025cec9176f9d8f4552″,”id”:”CVE-2026-46149″,”bulletinFamily”:””,”cwe”:null,”cvelist”:null,”sourceData”:”Linux Linux c66ac9db8d4ad9994a02b3e933ea2ccc643e1fe5\\nLinux Linux c66ac9db8d4ad9994a02b3e933ea2ccc643e1fe5\\nLinux Linux c66ac9db8d4ad9994a02b3e933ea2ccc643e1fe5\\nLinux Linux c66ac9db8d4ad9994a02b3e933ea2ccc643e1fe5\\nLinux Linux c66ac9db8d4ad9994a02b3e933ea2ccc643e1fe5\\nLinux Linux 2.6.38″,”sourceHref”:””,”cvss”:{“score”:7.1,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:N\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Linux”,”version”:”c66ac9db8d4ad9994a02b3e933ea2ccc643e1fe5″,”vendor”:”Linux”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:\\n\\nscsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()\\n\\ntarget_tg_pt_gp_members_show() formats LUN paths with snprintf() into a\\n256-byte stack…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,50,12,15,13,7,11,5],"class_list":["post-58499","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-71","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nscsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()_CVE-2026-46149 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=58499\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()_CVE-2026-46149 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:nnscsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()nntarget_tg_pt_gp_members_show() formats LUN paths with snprintf() into an256-byte stack...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=58499\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-30T07:58:55+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=58499#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=58499\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()_CVE-2026-46149\",\"datePublished\":\"2026-05-30T07:58:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=58499\"},\"wordCount\":455,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-7.1\",\"exploit\",\"HIGH\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=58499#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=58499\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=58499\",\"name\":\"scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()_CVE-2026-46149 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-05-30T07:58:55+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=58499#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=58499\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=58499#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()_CVE-2026-46149\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()_CVE-2026-46149 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=58499","og_locale":"en_US","og_type":"article","og_title":"scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()_CVE-2026-46149 - zero redgem","og_description":"{“lastseen”:””,”description”:”In the Linux kernel, the following vulnerability has been resolved:nnscsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()nntarget_tg_pt_gp_members_show() formats LUN paths with snprintf() into an256-byte stack...","og_url":"https:\/\/zero.redgem.net\/?p=58499","og_site_name":"zero redgem","article_published_time":"2026-05-30T07:58:55+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=58499#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=58499"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()_CVE-2026-46149","datePublished":"2026-05-30T07:58:55+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=58499"},"wordCount":455,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-7.1","exploit","HIGH","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=58499#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=58499","url":"https:\/\/zero.redgem.net\/?p=58499","name":"scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()_CVE-2026-46149 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-05-30T07:58:55+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=58499#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=58499"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=58499#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show()_CVE-2026-46149"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/58499","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=58499"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/58499\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=58499"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=58499"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=58499"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}