CVE-2018-1000026

MEDIUM

Description

Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..

References

http://lists.openwall.net/netdev/2018/01/16/40

http://lists.openwall.net/netdev/2018/01/18/96

https://access.redhat.com/errata/RHSA-2018:2948

https://access.redhat.com/errata/RHSA-2018:3083

https://access.redhat.com/errata/RHSA-2018:3096

https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html

https://patchwork.ozlabs.org/patch/859410/

https://usn.ubuntu.com/3617-1/

https://usn.ubuntu.com/3617-2/

https://usn.ubuntu.com/3617-3/

https://usn.ubuntu.com/3619-1/

https://usn.ubuntu.com/3619-2/

https://usn.ubuntu.com/3620-1/

https://usn.ubuntu.com/3620-2/

https://usn.ubuntu.com/3632-1/

Details

Source: MITRE

Published: 2018-02-09

Updated: 2019-05-10

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Impact Score: 4

Exploitability Score: 3.1

Severity: HIGH