CVEs affecting projects tracked on Release Alert, from NVD & OSV.
In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c.