CVE-2018-1000026

MEDIUM

Description

Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..

References

http://lists.openwall.net/netdev/2018/01/16/40

http://lists.openwall.net/netdev/2018/01/18/96

https://access.redhat.com/errata/RHSA-2018:2948

https://access.redhat.com/errata/RHSA-2018:3083

https://access.redhat.com/errata/RHSA-2018:3096

https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html

https://patchwork.ozlabs.org/patch/859410/

https://usn.ubuntu.com/3617-1/

https://usn.ubuntu.com/3617-2/

https://usn.ubuntu.com/3617-3/

https://usn.ubuntu.com/3619-1/

https://usn.ubuntu.com/3619-2/

https://usn.ubuntu.com/3620-1/

https://usn.ubuntu.com/3620-2/

https://usn.ubuntu.com/3632-1/

Details

Source: MITRE

Published: 2018-02-09

Updated: 2020-10-15

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Impact Score: 4

Exploitability Score: 3.1

Severity: HIGH

Tenable Plugins

View all (33 total)

IDNameProductFamilySeverity
135614EulerOS Virtualization 3.0.2.2 : kernel (EulerOS-SA-2020-1452)NessusHuawei Local Security Checks
high
127281NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0074)NessusNewStart CGSL Local Security Checks
critical
127272NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0070)NessusNewStart CGSL Local Security Checks
critical
126031Slackware 14.2 / current : kernel (SSA:2019-169-01) (SACK Panic) (SACK Slowness)NessusSlackware Local Security Checks
high
124992EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1539)NessusHuawei Local Security Checks
critical
124595Debian DLA-1771-1 : linux-4.9 security updateNessusDebian Local Security Checks
high
122802Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4570)NessusOracle Linux Local Security Checks
low
121944Photon OS 2.0: Linux PHSA-2018-2.0-0042NessusPhotonOS Local Security Checks
medium
121837Photon OS 1.0: Linux PHSA-2018-1.0-0132NessusPhotonOS Local Security Checks
high
119921EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1432)NessusHuawei Local Security Checks
high
119187Scientific Linux Security Update : kernel on SL7.x x86_64 (20181030)NessusScientific Linux Local Security Checks
high
118990CentOS 7 : kernel (CESA-2018:3083)NessusCentOS Local Security Checks
high
118770Oracle Linux 7 : kernel (ELSA-2018-3083)NessusOracle Linux Local Security Checks
high
118528RHEL 7 : kernel-rt (RHSA-2018:3096)NessusRed Hat Local Security Checks
high
118525RHEL 7 : kernel (RHSA-2018:3083)NessusRed Hat Local Security Checks
high
118513RHEL 7 : kernel-alt (RHSA-2018:2948) (Spectre)NessusRed Hat Local Security Checks
high
117801SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2860-1)NessusSuSE Local Security Checks
high
117555EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1246)NessusHuawei Local Security Checks
medium
111934Photon OS 1.0: Linux / Rsync PHSA-2018-1.0-0132 (deprecated)NessusPhotonOS Local Security Checks
high
111301Photon OS 2.0 : linux / linux-esx / linux-aws / linux-secure (PhotonOS-PHSA-2018-2.0-0042) (deprecated)NessusPhotonOS Local Security Checks
medium
109483EulerOS 2.0 SP1 : kernel (EulerOS-SA-2018-1085)NessusHuawei Local Security Checks
high
109316Ubuntu 16.04 LTS : Linux kernel (Azure) vulnerabilities (USN-3632-1)NessusUbuntu Local Security Checks
high
108878Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3619-2)NessusUbuntu Local Security Checks
high
108843Ubuntu 14.04 LTS : linux vulnerabilities (USN-3620-1)NessusUbuntu Local Security Checks
critical
108842Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3619-1)NessusUbuntu Local Security Checks
high
108840Ubuntu 17.10 : linux-raspi2 vulnerabilities (USN-3617-3)NessusUbuntu Local Security Checks
high
108835Ubuntu 16.04 LTS : linux-hwe, linux-gcp, linux-oem vulnerabilities (USN-3617-2)NessusUbuntu Local Security Checks
high
108834Ubuntu 17.10 : linux vulnerabilities (USN-3617-1)NessusUbuntu Local Security Checks
high
108649SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:0786-1)NessusSuSE Local Security Checks
high
108648SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:0785-1)NessusSuSE Local Security Checks
high
108577openSUSE Security Update : the Linux Kernel (openSUSE-2018-292)NessusSuSE Local Security Checks
high
106989Fedora 27 : kernel (2018-7a62047e30)NessusFedora Local Security Checks
medium
106987Fedora 26 : kernel (2018-03a6606cb5)NessusFedora Local Security Checks
medium