)]}'
{
  "commit": "dcb7735fdbf79c7a6868315ecc6d140495e00cf2",
  "tree": "9ae9afbbc345076ce2d74479eb99f8d9676ce37a",
  "parents": [
    "cee34e3684a8c24d89b278985e2f585170a2c550"
  ],
  "author": {
    "name": "Wang Haoran",
    "email": "haoranwangsec@gmail.com",
    "time": "Sat Sep 20 15:44:41 2025 +0800"
  },
  "committer": {
    "name": "Kevin Liu",
    "email": "zhihuil@google.com",
    "time": "Mon Oct 20 11:46:28 2025 -0700"
  },
  "message": "scsi: target: target_core_configfs: Add length check to avoid buffer overflow\n\nA buffer overflow arises from the usage of snprintf to write into the\nbuffer \"buf\" in target_lu_gp_members_show function located in\n/drivers/target/target_core_configfs.c. This buffer is allocated with\nsize LU_GROUP_NAME_BUF (256 bytes).\n\nsnprintf(...) formats multiple strings into buf with the HBA name\n(hba-\u003ehba_group.cg_item), a slash character, a devicename (dev-\u003e\ndev_group.cg_item) and a newline character, the total formatted string\nlength may exceed the buffer size of 256 bytes.\n\nSince snprintf() returns the total number of bytes that would have been\nwritten (the length of %s/%sn ), this value may exceed the buffer length\n(256 bytes) passed to memcpy(), this will ultimately cause function\nmemcpy reporting a buffer overflow error.\n\nAn additional check of the return value of snprintf() can avoid this\nbuffer overflow.\n\nBUG\u003db/452296477\nTEST\u003dpresubmit\nRELEASE_NOTE\u003dFixed CVE-2025-39998 in the Linux kernel.\n\ncos-patch: security-moderate\nReported-by: Wang Haoran \u003chaoranwangsec@gmail.com\u003e\nReported-by: ziiiro \u003cyuanmingbuaa@gmail.com\u003e\nChange-Id: I203cb67a656831eec9d76fc9e0ab2bd545cc676c\nSigned-off-by: Wang Haoran \u003chaoranwangsec@gmail.com\u003e\nSigned-off-by: Martin K. Petersen \u003cmartin.petersen@oracle.com\u003e\nSigned-off-by: kevin liu \u003czhihuil@google.com\u003e\nReviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/114801\nTested-by: Cusky Presubmit Bot \u003cpresubmit@cos-infra-prod.iam.gserviceaccount.com\u003e\nReviewed-by: Kevin Berry \u003ckpberry@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "1a26dd0d5666245426b33c86bd52d9e7858cc2c6",
      "old_mode": 33188,
      "old_path": "drivers/target/target_core_configfs.c",
      "new_id": "537c1370e112a783629eec6aaf92c4f441e8b50a",
      "new_mode": 33188,
      "new_path": "drivers/target/target_core_configfs.c"
    }
  ]
}