CVE-2018-1000026

Sažetak

Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..

Reference

https://patchwork.ozlabs.org/patch/859410/
http://lists.openwall.net/netdev/2018/01/18/96
http://lists.openwall.net/netdev/2018/01/16/40
https://usn.ubuntu.com/3617-2/
https://usn.ubuntu.com/3617-1/
https://usn.ubuntu.com/3620-2/
https://usn.ubuntu.com/3620-1/
https://usn.ubuntu.com/3619-1/
https://usn.ubuntu.com/3617-3/
https://usn.ubuntu.com/3619-2/
https://usn.ubuntu.com/3632-1/
https://access.redhat.com/errata/RHSA-2018:3096
https://access.redhat.com/errata/RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:2948
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html

CVSS

Base:	6.8
Impact:	6.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:N/A:C

Zadnje važnije ažuriranje

03-10-2023 - 15:39

Objavljeno

09-02-2018 - 23:29