http://www.securityfocus.com/bid/105388

https://access.redhat.com/errata/RHSA-2018:3651

https://access.redhat.com/errata/RHSA-2018:3666

https://access.redhat.com/errata/RHSA-2019:1946

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14633

https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=1816494330a83f2a064499d8ed2797045641f92c

https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=8c39e2699f8acb2e29782a834e56306da24937fe

https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html

https://seclists.org/oss-sec/2018/q3/270

https://usn.ubuntu.com/3775-1/

https://usn.ubuntu.com/3775-2/

https://usn.ubuntu.com/3776-1/

https://usn.ubuntu.com/3776-2/

https://usn.ubuntu.com/3777-1/

https://usn.ubuntu.com/3777-2/

https://usn.ubuntu.com/3777-3/

https://usn.ubuntu.com/3779-1/

https://www.debian.org/security/2018/dsa-4308

OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.10 up to (including) 3.10.102
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.14 up to (including) 4.14.81
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.18 up to (including) 4.18.19

OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.1 up to (excluding) 3.16.59
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.17 up to (excluding) 3.18.124
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.19 up to (excluding) 4.4.159
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.5 up to (excluding) 4.9.130
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (

A flaw was found in the ISCSI target code in the Linux kernel. The flaw allows an unauthenticated, remote attacker to cause a stack buffer overflow of 17 bytes of the stack. Depending on how the kernel was compiled (e.g. compiler, compile flags, and hardware architecture), the attack may lead to a system crash or access to data exported by an iSCSI target. Privilege escalation cannot be ruled out. The highest threat from this vulnerability is to system availability.

A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead

Red Hat, Inc. CWE-121

https://access.redhat.com/security/cve/CVE-2018-14633 [No Types Assigned]

https://bugzilla.redhat.com/show_bug.cgi?id=1626035 [No Types Assigned]

A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead

A flaw was found in the ISCSI target code in the Linux kernel. The flaw allows an unauthenticated, remote attacker to cause a stack buffer overflow of 17 bytes of the stack. Depending on how the kernel was compiled (e.g. compiler, compile flags, and hardware architecture), the attack may lead to a system crash or access to data exported by an iSCSI target. Privilege escalation cannot be ruled out. The highest threat from this vulnerability is to system availability.

Red Hat, Inc. CWE-121

https://access.redhat.com/security/cve/CVE-2018-14633 [No Types Assigned]

https://bugzilla.redhat.com/show_bug.cgi?id=1626035 [No Types Assigned]

CWE-121 / CWE from CNA not within 1003 View

OR
     *cpe:2.3:o:redhat:virtualization:4.0:*:*:*:*:*:*:*

OR
     *cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:redhat:enterprise_linux_dekstop:7.0:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

NIST AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

NIST AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

NIST CWE-787

NIST CWE-119

OR
     *cpe:2.3:o:redhat:enterprise_linux_dekstop:7.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_l

https://access.redhat.com/errata/RHSA-2018:3651 No Types Assigned

https://access.redhat.com/errata/RHSA-2018:3651 Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3666 No Types Assigned

https://access.redhat.com/errata/RHSA-2018:3666 Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1946 No Types Assigned

https://access.redhat.com/errata/RHSA-2019:1946 Third Party Advisory

Red Hat, Inc. AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

Red Hat, Inc. CWE-121

https://access.redhat.com/errata/RHSA-2019:1946 [No Types Assigned]

https://access.redhat.com/errata/RHSA-2018:3651 [No Types Assigned]

https://access.redhat.com/errata/RHSA-2018:3666 [No Types Assigned]

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

(AV:N/AC:M/Au:N/C:P/I:P/A:C)

CWE-119

OR
     *cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
     *cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
     *cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
     *cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
     *cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
     *cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

OR
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.10 up to (including) 3.10.102
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.14 up to (including) 4.14.81
     *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 4.18 up to (including) 4.18.19

http://www.securityfocus.com/bid/105388 No Types Assigned

http://www.securityfocus.com/bid/105388 Third Party Advisory, VDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14633 No Types Assigned

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14633 Issue Tracking, Patch, Third Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=1816494330a83f2a064499d8ed2797045641f92c No Types Assigned

https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=1816494330a83f2a064499d8ed2797045641f92c Patch, Vendor Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=8c39e2699f8acb2e29782a834e56306da24937fe No Types Assigned

https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.19/scsi-fixes&id=8c39e2699f8acb2e29782a834e56306da24937fe Patch, Vendor Advisory

https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html No Types Assigned

https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html Mailing List, Third Party Advisory

https://seclists.org/oss-sec/2018/q3/270 No Types Assigned

https://seclists.org/oss-sec/2018/q3/270 Mailing List, Third Party Advisory

https://usn.ubuntu.com/3775-1/ No Types Assigned

https://usn.ubuntu.com/3775-1/ Third Party Advisory

https://usn.ubuntu.com/3775-2/ No Types Assigned

https://usn.ubuntu.com/3775-2/ Third Party Advisory

https://usn.ubuntu.com/3776-1/ No Types Assigned

https://usn.ubuntu.com/3776-1/ Third Party Advisory

https://usn.ubuntu.com/3776-2/ No Types Assigned

https://usn.ubuntu.com/3776-2/ Third Party Advisory

https://usn.ubuntu.com/3777-1/ No Types Assigned

https://usn.ubuntu.com/3777-1/ Third Party Advisory

https://usn.ubuntu.com/3777-2/ No Types Assigned

https://usn.ubuntu.com/3777-2/ Third Party Advisory

https://usn.ubuntu.com/3777-3/ No Types Assigned

https://usn.ubuntu.com/3777-3/ Third Party Advisory

https://usn.ubuntu.com/3779-1/ No Types Assigned

https://usn.ubuntu.com/3779-1/ Third Party Advisory

https://www.debian.org/security/2018/dsa-4308 No Types Assigned

https://www.debian.org/security/2018/dsa-4308 Third Party Advisory

https://usn.ubuntu.com/3777-3/ [No Types Assigned]

https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html [No Types Assigned]

https://usn.ubuntu.com/3775-1/ [No Types Assigned]

https://usn.ubuntu.com/3779-1/ [No Types Assigned]

https://usn.ubuntu.com/3775-2/ [No Types Assigned]

https://usn.ubuntu.com/3776-1/ [No Types Assigned]

https://usn.ubuntu.com/3776-2/ [No Types Assigned]

https://usn.ubuntu.com/3777-1/ [No Types Assigned]

https://usn.ubuntu.com/3777-2/ [No Types Assigned]

https://www.debian.org/security/2018/dsa-4308 [No Types Assigned]

http://www.securityfocus.com/bid/105388 [No Types Assigned]