CVE-2018-1000026 — Improper Input Validation in Kernel
Severity
7.7HIGHNVD
OSV7.8OSV7.5
EPSS
0.9%
top 24.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 9
Latest updateMay 13
Description
Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 3.1 | Impact: 4.0
Affected Packages9 packages
Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 16.04, 17.10, Enterprise Linux 7.0
🔴Vulnerability Details
7📋Vendor Advisories
11💬Community
2Bugzilla▶
CVE-2018-1000026 kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet [fedora-all]↗2018-02-19
Bugzilla▶
CVE-2018-1000026 kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet↗2018-02-05