CVE-2018-1000026

Description

Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..

CVSS Metrics

• v3.1•HIGH•Score: 7.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
• v2.0•MEDIUM•Score: 6.8AV:N/AC:L/Au:S/C:N/I:N/A:C

EPSS Trends

Current EPSS score: 0.86%• Percentile: 75%

Techniques & Countermeasures

• CWE-20•Improper Input Validation

  The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Systems

• canonical•ubuntu_linux

  12.04 | 14.04 | 16.04 | 17.10

• debian•debian_linux

  8.0

• linux•linux_kernel

  ≥ 2.6.12, < 4.4.181 | ≥ 4.5.0, < 4.9.159 | ≥ 4.10, < 4.14.102 | ≥ 4.15, < 4.16

• redhat•enterprise_linux

  7.0

• redhat•enterprise_linux_desktop

  7.0

• redhat•enterprise_linux_server

  7.0

• redhat•enterprise_linux_workstation

  7.0

References (15)

• https://access.redhat.com/errata/RHSA-2018:3083
• https://usn.ubuntu.com/3617-1/
• https://usn.ubuntu.com/3619-2/
• https://usn.ubuntu.com/3617-3/
• https://usn.ubuntu.com/3632-1/
• https://usn.ubuntu.com/3620-2/
• https://access.redhat.com/errata/RHSA-2018:2948
• https://patchwork.ozlabs.org/patch/859410/
• http://lists.openwall.net/netdev/2018/01/16/40
• https://usn.ubuntu.com/3617-2/
• http://lists.openwall.net/netdev/2018/01/18/96
• https://usn.ubuntu.com/3620-1/
• https://access.redhat.com/errata/RHSA-2018:3096
• https://usn.ubuntu.com/3619-1/
• https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html