CVE-2018-1000026
Last modified
CVE-2018-1000026 is a high-severity vulnerability rated 7.7/10 on the CVSS scale. Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. EPSS estimates a 3.90% chance of exploitation in the next 30 days.
Description
Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 2.6.12, < 4.4.181 |
| Linux | Linux Kernel | >= 4.5.0, < 4.9.159 |
| Linux | Linux Kernel | >= 4.10, < 4.14.102 |
| Linux | Linux Kernel | >= 4.15, < 4.16 |
| Canonical | Ubuntu Linux | 12.04 |
| Canonical | Ubuntu Linux | 14.04 |
| Canonical | Ubuntu Linux | 16.04 |
| Canonical | Ubuntu Linux | 17.10 |
| Redhat | Enterprise Linux | 7.0 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Workstation | 7.0 |
| Debian | Debian Linux | 8.0 |
References
- http://lists.openwall.net/netdev/2018/01/16/40Third Party Advisory
- http://lists.openwall.net/netdev/2018/01/18/96Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2948Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:3083Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:3096Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2019/05/msg00002.htmlMailing List, Third Party Advisory
- https://patchwork.ozlabs.org/patch/859410/Third Party Advisory
- https://usn.ubuntu.com/3617-1/Third Party Advisory
- https://usn.ubuntu.com/3617-2/Third Party Advisory
- https://usn.ubuntu.com/3617-3/Third Party Advisory
- https://usn.ubuntu.com/3619-1/Third Party Advisory
- https://usn.ubuntu.com/3619-2/Third Party Advisory
- https://usn.ubuntu.com/3620-1/Third Party Advisory
- https://usn.ubuntu.com/3620-2/Third Party Advisory
- https://usn.ubuntu.com/3632-1/Third Party Advisory
- http://lists.openwall.net/netdev/2018/01/16/40Third Party Advisory
- http://lists.openwall.net/netdev/2018/01/18/96Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:2948Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:3083Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:3096Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2019/05/msg00002.htmlMailing List, Third Party Advisory
- https://patchwork.ozlabs.org/patch/859410/Third Party Advisory
- https://usn.ubuntu.com/3617-1/Third Party Advisory
- https://usn.ubuntu.com/3617-2/Third Party Advisory
- https://usn.ubuntu.com/3617-3/Third Party Advisory
- https://usn.ubuntu.com/3619-1/Third Party Advisory
- https://usn.ubuntu.com/3619-2/Third Party Advisory
- https://usn.ubuntu.com/3620-1/Third Party Advisory
- https://usn.ubuntu.com/3620-2/Third Party Advisory
- https://usn.ubuntu.com/3632-1/Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-1000026?
How severe is CVE-2018-1000026?
How do I fix CVE-2018-1000026?
Are you affected by CVE-2018-1000026?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST