PT-2018-9217 · Linux+5 · Linux Kernel+5

David Rientjes

Published

2018-02-09

Updated

2023-10-03

CVE-2018-1000026

CVSS v3.1

7.7

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 4.8 and later

Description: The issue is related to insufficient input validation in the bnx2x network card driver, which can lead to a denial of service (DoS) condition where the network card firmware assertion takes the card offline. An attacker can exploit this by sending a very large, specially crafted packet to the bnx2x card, potentially from an untrusted guest VM.

Recommendations: For Linux kernel versions 4.8 and later, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2019-1282

ALT-PU-2019-1284

ALT-PU-2019-1285

AZL-6517

CESA-2018_3083

CVE-2018-1000026

DLA-1771-1

MGASA-2019-0107

MGASA-2019-0171

MGASA-2019-0172

OPENSUSE-SU-2018_0781-1

RHSA-2018:2948

RHSA-2018:3083

RHSA-2018:3096

RHSA-2018_3083

RHSA-2018_3096

SUSE-SU-2018:0785-1

SUSE-SU-2018:0786-1

SUSE-SU-2018:0986-1

SUSE-SU-2018:2860-1

SUSE-SU-2018:2962-1

SUSE-SU-2018:3029-1

SUSE-SU-2018_2860-1

USN-3617-1

USN-3617-2

USN-3617-3

USN-3619-1

USN-3619-2

USN-3620-1

USN-3620-2

USN-3632-1

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2018-9217 · Linux+5 · Linux Kernel+5

CVE-2018-1000026

Weakness Enumeration

Related Identifiers

Affected Products

References · 368