In the Linux kernel, the following vulnerability has been resolved:

scsi: target: target_core_configfs: Add length check to avoid buffer overflow

A buffer overflow arises from the usage of snprintf to write into the buffer "buf" in target_lu_gp_members_show function located in /drivers/target/target_core_configfs.c. This buffer is allocated with size LU_GROUP_NAME_BUF (256 bytes).

snprintf(...) formats multiple strings into buf with the HBA name (hba->hba_group.cg_item), a slash character, a devicename (dev->dev_group.cg_item) and a newline character, the total formatted string length may exceed the buffer size of 256 bytes.

Since snprintf() returns the total number of bytes that would have been written (the length of "%s/%s\n"), this value may exceed the buffer length (256 bytes) passed to memcpy(), this will ultimately cause function memcpy reporting a buffer overflow error.

An additional check of the return value of snprintf() can avoid this buffer overflow.
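The pattern described above, reduced to a user-space C illustration (an added example, not the kernel's code or the upstream patch): `unchecked_copy_len` returns the length the unchecked pattern would pass to memcpy(), and `append_member` adds the return-value check. The function names, `NAME_BUF`, `PAGE_BUF` and the sample names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 256   /* size the description gives for LU_GROUP_NAME_BUF */
#define PAGE_BUF 4096  /* assumed size of the destination page */

/* Length the unchecked pattern would hand to memcpy(): snprintf()'s return
 * value plus one for the terminator, regardless of how much fit in buf. */
static int unchecked_copy_len(const char *hba, const char *dev)
{
    char buf[NAME_BUF];
    int n = snprintf(buf, sizeof(buf), "%s/%s\n", hba, dev);
    return n + 1;
}

/* Hardened append: returns the new length of page, or -1 if the entry was
 * truncated in buf or does not fit in page. Nothing is copied on failure. */
static int append_member(char *page, int len, const char *hba, const char *dev)
{
    char buf[NAME_BUF];
    int n = snprintf(buf, sizeof(buf), "%s/%s\n", hba, dev);

    if (n < 0 || (size_t)n >= sizeof(buf))   /* output was truncated */
        return -1;
    if (len + n + 1 > PAGE_BUF)              /* destination is full */
        return -1;
    memcpy(page + len, buf, (size_t)n + 1);  /* n + 1 <= sizeof(buf) here */
    return len + n;
}

/* Constructed sample input: fill s with count copies of c. */
static char *make_name(char *s, size_t count, char c)
{
    memset(s, c, count);
    s[count] = '\0';
    return s;
}

int main(void)
{
    char page[PAGE_BUF] = "", hba[201], dev[201];
    make_name(hba, 200, 'h');
    make_name(dev, 200, 'd');
    printf("unchecked memcpy length: %d (buffer is %d)\n",
           unchecked_copy_len(hba, dev), NAME_BUF);
    printf("checked, long names:  %d\n", append_member(page, 0, hba, dev));
    printf("checked, short names: %d\n", append_member(page, 0, "iblock_0", "disk1"));
    return 0;
}
```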
Conclusion & alert: CVE-2025-39998 is rated Moderate Risk (43.5/100): low exploitation likelihood (EPSS 0.21%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: The daily EPSS score estimates the relative likelihood of exploitation; the percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-03-25 | 0.14% | 0.21% | +0.07% |
| 2 | 2026-03-13 | 0.19% | 0.14% | -0.05% |
| 3 | 2025-11-18 | — | 0.19% | — |
Full EPSS history (5 records total)
CVSS metrics for this CVE.
No CVSS data in dataset for this CVE.
| vendor | priority | summary | link |
|---|---|---|---|
| debian | not yet assigned | CVE-2025-39998 not yet assigned priority: Debian including 2 source packages (linux, linux-6.1), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6. | https://security-tracker.debian.org/tracker/CVE-2025-39998 |
| redhat | medium | — | https://access.redhat.com/security/cve/CVE-2025-39998 |
| suse | medium | CVE-2025-39998 severity moderate: SUSE including 316 source package names (2.1.3-6.144:kernel-default-base-6.4.0-41.1.21.18, 2.1.3-7.127:kernel-default-6.4.0-41.1, …), 358 product×package rows across 24 product lines (Container suse/sl-micro/6.0/base-os-container, Container suse/sl-micro/6.0/kvm-os-container, … (24 product lines)): Known Affected 231, First Fixed 68, Fixed 59. | https://www.suse.com/security/cve/CVE-2025-39998/ |
| ubuntu | medium | CVE-2025-39998 medium priority: Ubuntu including 157 source packages (linux, linux-allwinner-5.19, …), 1405 status rows across 9 suites (bionic, focal, jammy, noble, plucky, questing, trusty, upstream, xenial): DNE 1010, ignored 181, released 153, needed 48, not-affected 8, pending 3, needs-triage 2. | https://ubuntu.com/security/CVE-2025-39998 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| No affected products in dataset. | | | |