{"id":"CVE-2023-53676","summary":"scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()\n\nThe function lio_target_nacl_info_show() uses sprintf() in a loop to print\ndetails for every iSCSI connection in a session without checking for the\nbuffer length. With enough iSCSI connections it's possible to overflow the\nbuffer provided by configfs and corrupt the memory.\n\nThis patch replaces sprintf() with sysfs_emit_at() that checks for buffer\nboundries.","modified":"2026-04-02T09:44:51.550629Z","published":"2025-10-07T15:21:31.757Z","related":["SUSE-SU-2025:4393-1","SUSE-SU-2025:4422-1","SUSE-SU-2025:4505-1","SUSE-SU-2025:4506-1","SUSE-SU-2025:4507-1","SUSE-SU-2025:4515-1","SUSE-SU-2025:4516-1","SUSE-SU-2025:4517-1","SUSE-SU-2025:4521-1","SUSE-SU-2025:4530-1","SUSE-SU-2026:0029-1","SUSE-SU-2026:0032-1","SUSE-SU-2026:0033-1","SUSE-SU-2026:0034-1","SUSE-SU-2026:0144-1","SUSE-SU-2026:0145-1","SUSE-SU-2026:0146-1","SUSE-SU-2026:0147-1","SUSE-SU-2026:0148-1","SUSE-SU-2026:0154-1","SUSE-SU-2026:0155-1","SUSE-SU-2026:0163-1","SUSE-SU-2026:0166-1","SUSE-SU-2026:0168-1","SUSE-SU-2026:0169-1","SUSE-SU-2026:0171-1","SUSE-SU-2026:0173-1","SUSE-SU-2026:0174-1","SUSE-SU-2026:0176-1","SUSE-SU-2026:0180-1","SUSE-SU-2026:0184-1","SUSE-SU-2026:0185-1","SUSE-SU-2026:0186-1","SUSE-SU-2026:0187-1","SUSE-SU-2026:0188-1","SUSE-SU-2026:0191-1","SUSE-SU-2026:0200-1","SUSE-SU-2026:0202-1","SUSE-SU-2026:0203-1","SUSE-SU-2026:0204-1","SUSE-SU-2026:0206-1","SUSE-SU-2026:0209-1","SUSE-SU-2026:0246-1","SUSE-SU-2026:0247-1","SUSE-SU-2026:0262-1","SUSE-SU-2026:0269-1","SUSE-SU-2026:0270-1","SUSE-SU-2026:0274-1","SUSE-SU-2026:0283-1","SUSE-SU-2026:0284-1","SUSE-SU-2026:20039-1","SUSE-SU-2026:20059-1","SUSE-SU-2026:20248-1","SUSE-SU-2026:20249-1","SUSE-SU-2026:20250-1","SUSE-SU-2026:20251-1","SUSE-SU-2026:20252-1","SUSE-SU-2026:20253-1","SUSE-SU-2026:20254-1","SUSE-SU-2026:20255-1","SUSE-SU-2026:20256-1","SUSE-SU-2026:20257-1","SUSE-SU-2026:20258-1","SUSE-SU-2026:20259-1","SUSE-SU-2026:20260-1","SUSE-SU-2026:20261-1","SUSE-SU-2026:20262-1","SUSE-SU-2026:20263-1","SUSE-SU-2026:20264-1","SUSE-SU-2026:20265-1","SUSE-SU-2026:20266-1","SUSE-SU-2026:20376-1","SUSE-SU-2026:20377-1","SUSE-SU-2026:20378-1","SUSE-SU-2026:20379-1","SUSE-SU-2026:20380-1","SUSE-SU-2026:20381-1","SUSE-SU-2026:20382-1","SUSE-SU-2026:20383-1","SUSE-SU-2026:20384-1","SUSE-SU-2026:20385-1","SUSE-SU-2026:20392-1","SUSE-SU-2026:20393-1","SUSE-SU-2026:20394-1","SUSE-SU-2026:20395-1","SUSE-SU-2026:20396-1","SUSE-SU-2026:20397-1","SUSE-SU-2026:20398-1","SUSE-SU-2026:20399-1","SUSE-SU-2026:20400-1","SUSE-SU-2026:20473-1","SUSE-SU-2026:20496-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53676.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0cac6cbb9908309352a5d30c1876882771d3da50"},{"type":"WEB","url":"https://git.kernel.org/stable/c/114b44dddea1f8f99576de3c0e6e9059012002fc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2cbe6a88fbdd6e8aeab358eef61472e2de43d6f6"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4738bf8b2d3635c2944b81b2a84d97b8c8b0978d"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5353df78c22623b42a71d51226d228a8413097e2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/801f287c93ff95582b0a2d2163f12870a2f076d4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/bbe3ff47bf09db8956bc2eeb49d2d514d256ad2a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/df349e84c2cb0dd05d98c8e1189c26ab4b116083"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53676.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-53676"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"e48354ce078c079996f89d715dfa44814b4eba01"},{"fixed":"df349e84c2cb0dd05d98c8e1189c26ab4b116083"},{"fixed":"114b44dddea1f8f99576de3c0e6e9059012002fc"},{"fixed":"2cbe6a88fbdd6e8aeab358eef61472e2de43d6f6"},{"fixed":"bbe3ff47bf09db8956bc2eeb49d2d514d256ad2a"},{"fixed":"5353df78c22623b42a71d51226d228a8413097e2"},{"fixed":"4738bf8b2d3635c2944b81b2a84d97b8c8b0978d"},{"fixed":"0cac6cbb9908309352a5d30c1876882771d3da50"},{"fixed":"801f287c93ff95582b0a2d2163f12870a2f076d4"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-53676.json"}}],"schema_version":"1.7.5"}