PT-2018-9217 · Linux+5 · Linux Kernel+5

David Rientjes

·

Publicado

2018-02-09

·

Atualizado

2023-10-03

·

CVE-2018-1000026

CVSS v3.1

7.7

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 4.8 and later
Description: The issue is related to insufficient input validation in the bnx2x network card driver, which can lead to a denial of service (DoS) condition where the network card firmware assertion takes the card offline. An attacker can exploit this by sending a very large, specially crafted packet to the bnx2x card, potentially from an untrusted guest VM.
Recommendations: For Linux kernel versions 4.8 and later, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2019-1282
ALT-PU-2019-1284
ALT-PU-2019-1285
AZL-6517
CESA-2018_3083
CVE-2018-1000026
DLA-1771-1
MGASA-2019-0107
MGASA-2019-0171
MGASA-2019-0172
OPENSUSE-SU-2018_0781-1
RHSA-2018:2948
RHSA-2018:3083
RHSA-2018:3096
RHSA-2018_3083
RHSA-2018_3096
SUSE-SU-2018:0785-1
SUSE-SU-2018:0786-1
SUSE-SU-2018:0986-1
SUSE-SU-2018:2860-1
SUSE-SU-2018:2962-1
SUSE-SU-2018:3029-1
SUSE-SU-2018_2860-1
USN-3617-1
USN-3617-2
USN-3617-3
USN-3619-1
USN-3619-2
USN-3620-1
USN-3620-2
USN-3632-1

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu