Vulnerability Details : CVE-2018-1000026
Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..
Vulnerability category: Input validationDenial of service
Products affected by CVE-2018-1000026
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1000026
0.58%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 78 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1000026
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:C |
8.0
|
6.9
|
NIST | |
7.7
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
3.1
|
4.0
|
NIST | |
7.7
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
3.1
|
4.0
|
NIST |
CWE ids for CVE-2018-1000026
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1000026
-
https://access.redhat.com/errata/RHSA-2018:3096
RHSA-2018:3096 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://patchwork.ozlabs.org/patch/859410/
[v2] bnx2x: disable GSO where gso_size is too big for hardware - PatchworkThird Party Advisory
-
https://usn.ubuntu.com/3617-2/
USN-3617-2: Linux (HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:2948
RHSA-2018:2948 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:3083
RHSA-2018:3083 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.openwall.net/netdev/2018/01/18/96
netdev - Re: [PATCH 0/3] Check gso_size of packets when forwardingThird Party Advisory
-
https://usn.ubuntu.com/3632-1/
USN-3632-1: Linux kernel (Azure) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
[SECURITY] [DLA 1771-1] linux-4.9 security updateMailing List;Third Party Advisory
-
https://usn.ubuntu.com/3617-1/
USN-3617-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://usn.ubuntu.com/3620-2/
USN-3620-2: Linux kernel (Trusty HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://usn.ubuntu.com/3620-1/
USN-3620-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://lists.openwall.net/netdev/2018/01/16/40
netdev - [PATCH 0/3] Check gso_size of packets when forwardingThird Party Advisory
-
https://usn.ubuntu.com/3619-1/
USN-3619-1: Linux kernel vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://usn.ubuntu.com/3619-2/
USN-3619-2: Linux kernel (Xenial HWE) vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://usn.ubuntu.com/3617-3/
USN-3617-3: Linux kernel (Raspberry Pi 2) vulnerabilities | Ubuntu security noticesThird Party Advisory
Jump to