CVE-2018-1000026 — HIGH (7.7)

Q: How severe is CVE-2018-1000026?

CVE-2018-1000026 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-1000026?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.

Vulnerability Description

Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..

CVSS Score

7.7

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 2.6.12, < 4.4.181
Canonical	Ubuntu Linux	12.04
Redhat	Enterprise Linux	7.0
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Workstation	7.0
Debian	Debian Linux	8.0

Related Weaknesses (CWE)

CWE-20

References

http://lists.openwall.net/netdev/2018/01/16/40Third Party Advisory
http://lists.openwall.net/netdev/2018/01/18/96Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2948Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3083Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3096Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.htmlMailing ListThird Party Advisory
https://patchwork.ozlabs.org/patch/859410/Third Party Advisory
https://usn.ubuntu.com/3617-1/Third Party Advisory
https://usn.ubuntu.com/3617-2/Third Party Advisory
https://usn.ubuntu.com/3617-3/Third Party Advisory
https://usn.ubuntu.com/3619-1/Third Party Advisory
https://usn.ubuntu.com/3619-2/Third Party Advisory
https://usn.ubuntu.com/3620-1/Third Party Advisory
https://usn.ubuntu.com/3620-2/Third Party Advisory
https://usn.ubuntu.com/3632-1/Third Party Advisory

FAQ

What is CVE-2018-1000026?

CVE-2018-1000026 is a vulnerability with a CVSS score of 7.7 (HIGH). Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware...

How severe is CVE-2018-1000026?

CVE-2018-1000026 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1000026?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Canonical Ubuntu Linux, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server.