Updated: 2023-12-06
CWE: Buffer Errors
Description:
A security flaw was found in the chap_server_compute_md5() function in the iSCSI target code in the Linux kernel, in the way an authentication request from an iSCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on the compiler, compile flags and hardware architecture), an attack may lead to a system crash and thus to a denial of service, or possibly to unauthorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable.
CVSS3: 7
OS | Vendor version | Errata |
---|---|---|
RHEL 7 | 3.10.0-957.1.3.el7 | RHSA-2018:3651 |
Ubuntu 18.04 | 4.15.0-36.39 | USN-3777-1 |
Ubuntu 18.04 AWS | 4.15.0-1023.23 | USN-3777-1 |
Ubuntu 16.04 HWE | 4.15.0-36.39~16.04.1 | USN-3777-2 |
Debian 9 | 4.9.110-3+deb9u5 | DSA-4308-1 |
Debian 8 backports | 4.9.110-3+deb9u5 | DSA-4308-1 |
CentOS 7 | 3.10.0-957.1.3.el7 | CESA-2018:3651 |
CentOS 7 plus | 3.10.0-957.1.3.el7.centos.plus | CESA-2018:3651 |
Oracle Linux 7 | 3.10.0-957.1.3.el7 | ELSA-2018-3651 |
Oracle Linux 6 UEK 4 | 4.1.12-124.28.1.el6uek | ELSA-2019-4670 |
Oracle Linux 7 UEK 4 | 4.1.12-124.28.1.el7uek | ELSA-2019-4670 |
Amazon Linux 1 | 4.14.72-68.55.amzn1 | ALAS-2018-1086 |
Amazon Linux 2 | 4.14.72-73.55.amzn2 | ALAS-2018-1086 |
Ubuntu 18.04 GCP | 4.15.0-1021.22 | USN-3777-1 |
Ubuntu 16.04 GCP | 4.15.0-1021.22~16.04.1 | USN-3777-2 |
Ubuntu 18.04 Azure | 4.15.0-1025.26 | USN-3777-3 |
Ubuntu 16.04 Azure | 4.15.0-1025.26~16.04.1 | USN-3777-3 |
OS | Original kernel version | State |
---|---|---|
RHEL 7 | 3.10.0-514.21.2.el7, 3.10.0-327.36.2.el7, 3.10.0-862.el7, 3.10.0-514.6.1.el7, 3.10.0-693.el7, 3.10.0-123.8.1.el7, 3.10.0-862.3.3.el7, 3.10.0-123.13.1.el7, 3.10.0-693.2.2.el7, 3.10.0-229.el7, 3.10.0-327.18.2.el7, 3.10.0-693.11.1.el7, 3.10.0-123.6.3.el7, 3.10.0-123.13.2.el7, 3.10.0-862.6.3.el7, 3.10.0-229.14.1.el7, 3.10.0-123.20.1.el7, 3.10.0-862.14.4.el7, 3.10.0-514.21.1.el7, 3.10.0-327.4.5.el7, 3.10.0-123.4.2.el7, 3.10.0-327.3.1.el7, 3.10.0-327.36.3.el7, 3.10.0-693.1.1.el7, 3.10.0-123.1.2.el7, 3.10.0-514.10.2.el7, 3.10.0-693.21.1.el7, 3.10.0-123.9.2.el7, 3.10.0-514.26.1.el7, 3.10.0-327.36.1.el7, 3.10.0-862.2.3.el7, 3.10.0-123.9.3.el7, 3.10.0-123.el7, 3.10.0-327.13.1.el7, 3.10.0-327.4.4.el7, 3.10.0-514.2.2.el7, 3.10.0-514.26.2.el7, 3.10.0-693.11.6.el7, 3.10.0-693.2.1.el7, 3.10.0-862.3.2.el7, 3.10.0-862.9.1.el7, 3.10.0-123.4.4.el7, 3.10.0-229.4.2.el7, 3.10.0-327.22.2.el7, 3.10.0-327.28.2.el7, 3.10.0-693.5.2.el7, 3.10.0-229.7.2.el7, 3.10.0-327.10.1.el7, 3.10.0-327.28.3.el7, 3.10.0-327.el7, 3.10.0-229.11.1.el7, 3.10.0-229.20.1.el7, 3.10.0-229.1.2.el7, 3.10.0-514.el7, 3.10.0-693.17.1.el7, 3.10.0-862.11.6.el7, 3.10.0-514.16.1.el7, 3.10.0-514.6.2.el7 | Released |
Ubuntu 18.04 | 4.15.0-33.36, 4.15.0-24.26, 4.15.0-34.37, 4.15.0-32.35, 4.15.0-31.33, 4.15.0-35.38, 4.15.0-20.21, 4.15.0-29.31, 4.15.0-23.25, 4.15.0-22.24, 4.15.0-30.32 | Released |
Ubuntu 18.04 AWS | 4.15.0-1021.21 | Released |
Ubuntu 16.04 HWE | 4.15.0-24.26~16.04.1, 4.15.0-34.37~16.04.1, 4.15.0-33.36~16.04.1, 4.15.0-30.32~16.04.1, 4.15.0-29.31~16.04.1, 4.15.0-35.38~16.04.1, 4.15.0-32.35~16.04.1 | Released |
Debian 9 | 4.9.110-2, 4.9.30-2+deb9u2, 4.9.65-3+deb9u2, 4.9.65-3, 4.9.80-2, 4.9.82-1+deb9u3, 4.9.82-1+deb9u2, 4.9.110-3+deb9u3, 4.9.107-1, 4.9.30-2+deb9u1, 4.9.110-3+deb9u2, 4.9.88-1, 4.9.110-3+deb9u1, 4.9.88-1+deb9u1, 4.9.51-1, 4.9.110-1, 4.9.30-2+deb9u5, 4.9.65-1, 4.9.80-1, 4.9.30-2+deb9u4, 4.9.65-3+deb9u1, 4.9.30-2+deb9u3, 4.9.110-3+deb9u4, 4.9.110-3, 4.9.30-2 | Released |
Debian 8 backports | 4.9.110-1~deb8u1, 4.9.110-3+deb9u4~deb8u1, 4.9.110-3+deb9u1~deb8u1, 4.9.30-2+deb9u2~bpo8+1, 4.9.30-2+deb9u5~bpo8+1, 4.9.30-2~bpo8+1, 4.9.51-1~bpo8+1, 4.9.65-3+deb9u1~bpo8+1, 4.9.65-3+deb9u2~bpo8+1, 4.9.65-3~bpo8+1, 4.9.82-1+deb9u3~bpo8+1, 4.9.88-1+deb9u1~bpo8+1, 4.9.88-1~bpo8+1, 4.9.110-3+deb9u2~deb8u1 | Released |
CentOS 7 | 3.10.0-327.3.1.el7, 3.10.0-229.7.2.el7, 3.10.0-862.14.4.el7, 3.10.0-327.36.3.el7, 3.10.0-327.36.2.el7, 3.10.0-862.el7, 3.10.0-229.11.1.el7, 3.10.0-229.el7, 3.10.0-123.1.2.el7, 3.10.0-693.1.1.el7, 3.10.0-123.4.2.el7, 3.10.0-514.10.2.el7, 3.10.0-123.6.3.el7, 3.10.0-327.10.1.el7, 3.10.0-693.21.1.el7, 3.10.0-693.5.2.el7, 3.10.0-123.13.1.el7, 3.10.0-327.28.2.el7, 3.10.0-862.3.3.el7, 3.10.0-123.8.1.el7, 3.10.0-862.11.6.el7, 3.10.0-123.9.2.el7, 3.10.0-862.6.3.el7, 3.10.0-514.21.2.el7, 3.10.0-229.4.2.el7, 3.10.0-514.6.2.el7, 3.10.0-693.11.1.el7, 3.10.0-327.el7, 3.10.0-327.22.2.el7, 3.10.0-123.13.2.el7, 3.10.0-693.17.1.el7, 3.10.0-327.18.2.el7, 3.10.0-229.14.1.el7, 3.10.0-514.16.1.el7, 3.10.0-514.21.1.el7, 3.10.0-514.6.1.el7, 3.10.0-693.2.2.el7, 3.10.0-862.2.3.el7, 3.10.0-123.9.3.el7, 3.10.0-123.el7, 3.10.0-327.13.1.el7, 3.10.0-327.4.4.el7, 3.10.0-514.2.2.el7, 3.10.0-514.26.2.el7, 3.10.0-693.11.6.el7, 3.10.0-693.2.1.el7, 3.10.0-862.3.2.el7, 3.10.0-862.9.1.el7, 3.10.0-229.1.2.el7, 3.10.0-229.20.1.el7, 3.10.0-123.4.4.el7, 3.10.0-327.28.3.el7, 3.10.0-327.36.1.el7, 3.10.0-693.el7, 3.10.0-514.26.1.el7, 3.10.0-514.el7, 3.10.0-123.20.1.el7, 3.10.0-327.4.5.el7 | Released |
CentOS 7 plus | 3.10.0-327.4.5.el7.centos.plus, 3.10.0-514.21.1.el7.centos.plus, 3.10.0-514.6.2.el7.centos.plus, 3.10.0-862.2.3.el7.centos.plus, 3.10.0-327.36.3.el7.centos.plus, 3.10.0-123.13.2.el7.centos.plus, 3.10.0-862.el7.centos.plus, 3.10.0-862.11.6.el7.centos.plus, 3.10.0-123.8.1.el7.centos.plus, 3.10.0-123.6.3.el7.centos.plus, 3.10.0-229.14.1.el7.centos.plus, 3.10.0-327.28.2.el7.centos.plus, 3.10.0-693.11.1.el7.centos.plus, 3.10.0-693.1.1.el7.centos.plus, 3.10.0-862.14.4.el7.centos.plus, 3.10.0-514.10.2.el7.centos.plus, 3.10.0-123.4.4.el7.centos.plus, 3.10.0-693.5.2.el7.centos.plus, 3.10.0-693.el7.centos.plus, 3.10.0-862.6.3.el7.centos.plus, 3.10.0-229.7.2.el7.centos.plus, 3.10.0-123.9.2.el7.centos.plus, 3.10.0-693.21.1.el7.centos.plus, 3.10.0-862.3.3.el7.centos.plus, 3.10.0-327.22.2.el7.centos.plus, 3.10.0-229.el7.centos.plus, 3.10.0-327.36.2.el7.centos.plus, 3.10.0-123.20.1.el7.centos.plus, 3.10.0-123.13.1.el7.centos.plus, 3.10.0-514.el7.centos.plus, 3.10.0-327.10.1.el7.centos.plus, 3.10.0-327.28.3.el7.centos.plus, 3.10.0-229.4.2.el7.centos.plus, 3.10.0-514.6.1.el7.centos.plus, 3.10.0-229.1.2.el7.centos.plus, 3.10.0-514.16.1.el7.centos.plus, 3.10.0-123.9.3.el7.centos.plus, 3.10.0-123.el7.centos.plus, 3.10.0-327.13.1.el7.centos.plus, 3.10.0-327.4.4.el7.centos.plus, 3.10.0-693.2.1.el7.centos.plus, 3.10.0-862.11.6.el7.centos.plus.1, 3.10.0-862.3.2.el7.centos.plus, 3.10.0-862.9.1.el7.centos.plus, 3.10.0-514.2.2.el7.centos.plus, 3.10.0-514.26.2.el7.centos.plus, 3.10.0-693.11.6.el7.centos.plus, 3.10.0-123.1.2.el7.centos.plus, 3.10.0-514.21.2.el7.centos.plus, 3.10.0-693.17.1.el7.centos.plus, 3.10.0-693.2.2.el7.centos.plus, 3.10.0-229.11.1.el7.centos.plus, 3.10.0-327.18.2.el7.centos.plus, 3.10.0-123.4.2.el7.centos.plus, 3.10.0-229.20.1.el7.centos.plus, 3.10.0-327.3.1.el7.centos.plus, 3.10.0-327.36.1.el7.centos.plus, 3.10.0-327.el7.centos.plus | Released |
Oracle Linux 7 | 3.10.0-862.6.3.el7, 3.10.0-862.14.4.el7, 3.10.0-693.17.1.el7, 3.10.0-229.7.2.el7, 3.10.0-229.1.2.el7, 3.10.0-123.20.1.el7, 3.10.0-123.13.1.el7, 3.10.0-229.4.2.el7, 3.10.0-862.2.3.el7, 3.10.0-123.13.2.el7, 3.10.0-123.4.4.el7, 3.10.0-229.el7, 3.10.0-862.11.6.el7, 3.10.0-123.6.3.el7, 3.10.0-327.4.5.el7, 3.10.0-862.el7, 3.10.0-229.11.1.el7, 3.10.0-327.36.3.el7, 3.10.0-123.4.2.el7, 3.10.0-327.18.2.el7, 3.10.0-862.3.3.el7, 3.10.0-327.36.2.el7, 3.10.0-327.28.3.el7, 3.10.0-327.3.1.el7, 3.10.0-693.21.1.el7, 3.10.0-327.10.1.el7, 3.10.0-514.el7, 3.10.0-123.9.3.el7, 3.10.0-123.el7, 3.10.0-327.13.1.el7, 3.10.0-327.4.4.el7, 3.10.0-514.10.2.el7, 3.10.0-514.16.1.el7, 3.10.0-514.2.2.el7, 3.10.0-514.21.1.el7, 3.10.0-514.21.2.el7, 3.10.0-514.26.1.el7, 3.10.0-514.26.2.el7, 3.10.0-514.6.2.el7, 3.10.0-693.1.1.el7, 3.10.0-693.2.1.el7, 3.10.0-693.2.2.el7, 3.10.0-693.5.2.el7, 3.10.0-693.el7, 3.10.0-862.3.2.el7, 3.10.0-862.9.1.el7, 3.10.0-327.22.2.el7, 3.10.0-327.28.2.el7, 3.10.0-693.11.1.el7, 3.10.0-693.11.6.el7, 3.10.0-229.14.1.el7, 3.10.0-123.8.1.el7, 3.10.0-123.1.2.el7, 3.10.0-123.9.2.el7, 3.10.0-229.20.1.el7, 3.10.0-327.36.1.el7, 3.10.0-327.el7, 3.10.0-514.6.1.el7 | Released |
Oracle Linux 6 UEK 4 | 4.1.12-124.23.2.el6uek, 4.1.12-124.14.1.el6uek, 4.1.12-124.21.1.el6uek, 4.1.12-124.25.1.el6uek, 4.1.12-124.15.2.el6uek, 4.1.12-124.27.1.el6uek, 4.1.12-124.18.5.el6uek, 4.1.12-112.16.7.el6uek, 4.1.12-124.14.5.el6uek, 4.1.12-124.19.1.el6uek, 4.1.12-94.3.5.el6uek, 4.1.12-124.17.1.el6uek, 4.1.12-103.9.4.el6uek, 4.1.12-124.20.7.el6uek, 4.1.12-124.16.2.el6uek, 4.1.12-112.14.15.el6uek, 4.1.12-112.17.3.el6uek, 4.1.12-124.16.1.el6uek, 4.1.12-124.17.2.el6uek, 4.1.12-124.18.1.el6uek, 4.1.12-124.22.2.el6uek, 4.1.12-124.27.2.el6uek, 4.1.12-124.18.9.el6uek, 4.1.12-124.15.1.el6uek, 4.1.12-124.19.2.el6uek, 4.1.12-124.26.10.el6uek, 4.1.12-124.15.4.el6uek, 4.1.12-112.14.13.el6uek, 4.1.12-124.14.2.el6uek, 4.1.12-124.16.4.el6uek, 4.1.12-124.26.12.el6uek, 4.1.12-124.20.1.el6uek, 4.1.12-112.16.4.el6uek, 4.1.12-124.14.3.el6uek, 4.1.12-124.16.3.el6uek, 4.1.12-124.20.3.el6uek, 4.1.12-61.47.1.el6uek | Released |
Oracle Linux 7 UEK 4 | 4.1.12-124.27.1.el7uek, 4.1.12-124.25.1.el7uek, 4.1.12-124.26.12.el7uek, 4.1.12-103.9.4.el7uek, 4.1.12-112.14.13.el7uek, 4.1.12-124.15.1.el7uek, 4.1.12-124.15.2.el7uek, 4.1.12-112.16.7.el7uek, 4.1.12-124.14.2.el7uek, 4.1.12-124.17.1.el7uek, 4.1.12-124.27.2.el7uek, 4.1.12-124.15.4.el7uek, 4.1.12-94.3.5.el7uek, 4.1.12-124.16.2.el7uek, 4.1.12-124.14.5.el7uek, 4.1.12-124.14.1.el7uek, 4.1.12-124.26.10.el7uek, 4.1.12-124.23.2.el7uek, 4.1.12-124.20.7.el7uek, 4.1.12-124.16.4.el7uek, 4.1.12-124.18.9.el7uek, 4.1.12-112.14.15.el7uek, 4.1.12-112.16.4.el7uek, 4.1.12-112.17.3.el7uek, 4.1.12-124.14.3.el7uek, 4.1.12-124.16.1.el7uek, 4.1.12-124.16.3.el7uek, 4.1.12-124.17.2.el7uek, 4.1.12-124.22.2.el7uek, 4.1.12-124.18.1.el7uek, 4.1.12-124.20.3.el7uek | Released |
Amazon Linux 1 | 4.14.62-65.117.amzn1, 4.14.70-67.55.amzn1 | Released |
Amazon Linux 2 | 4.14.26-54.32.amzn2, 4.14.42-61.37.amzn2, 4.14.33-59.34.amzn2, 4.14.62-70.117.amzn2, 4.14.51-66.38.amzn2, 4.14.67-71.56.amzn2, 4.14.70-72.55.amzn2 | Released |
Proxmox VE 5 | 4.15.18-1-pve_4.15.18-15, 4.15.18-2-pve_4.15.18-20, 4.15.17-3-pve_4.15.17-12, 4.15.10-1-pve_4.15.10-4, 4.15.15-1-pve_4.15.15-6, 4.15.17-1-pve_4.15.17-9, 4.15.17-2-pve_4.15.17-10, 4.15.18-1-pve_4.15.18-16, 4.15.18-1-pve_4.15.18-17, 4.15.18-1-pve_4.15.18-19, 4.15.18-4-pve_4.15.18-23, 4.15.3-1-pve_4.15.3-1, 4.15.18-2-pve_4.15.18-21, 4.15.18-3-pve_4.15.18-22, 4.15.18-5-pve_4.15.18-24 | Released |
Ubuntu 18.04 GCP | 4.15.0-1010.10, 4.15.0-1015.15, 4.15.0-1018.19, 4.15.0-1017.18, 4.15.0-1009.9, 4.15.0-1008.8, 4.15.0-1006.6, 4.15.0-1014.14, 4.15.0-1019.20 | Released |
Ubuntu 16.04 GCP | 4.15.0-1019.20~16.04.1, 4.15.0-1017.18~16.04.1, 4.15.0-1018.19~16.04.2, 4.15.0-1014.14~16.04.1, 4.15.0-1015.15~16.04.1 | Released |
Endurance 6 elrepo | 4.4.112-1.el6.elrepo | Released |
Endurance 7 eig 4.14 | 4.14.68-103.ELK.el6, 4.14.68-103.ELK.el7 | Released |
Proofpoint | | Ready For Release |
OEL 7 Dell | | Ready For Release |
Ubuntu 18.04 Azure | 4.15.0-1014.14, 4.15.0-1012.12, 4.15.0-1021.21, 4.15.0-1022.23, 4.15.0-1009.9, 4.15.0-1018.18, 4.15.0-1013.13, 4.15.0-1019.19, 4.15.0-1023.24 | Released |
Ubuntu 16.04 Azure | 4.15.0-1019.19~16.04.1, 4.15.0-1023.24~16.04.1, 4.15.0-1014.14~16.04.1, 4.15.0-1022.22~16.04.1, 4.15.0-1021.21~16.04.1, 4.15.0-1018.18~16.04.1, 4.15.0-1013.13~16.04.2 | Released |
Debian 10 cloud | | Will Not Fix |
Debian 9 backports | | Will Not Fix |