CVE-2018-1000026

Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..

Severity: HIGH (7.7) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

References:

[netdev] 20180116 http://lists.openwall.net/netdev/2018/01/16/40
[netdev] 20180116 http://lists.openwall.net/netdev/2018/01/16/40
[netdev] 20180118 http://lists.openwall.net/netdev/2018/01/18/96
[netdev] 20180118 http://lists.openwall.net/netdev/2018/01/18/96
RHSA-2018:2948
RHSA-2018:2948
RHSA-2018:3083
RHSA-2018:3083
RHSA-2018:3096
RHSA-2018:3096
[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
https://patchwork.ozlabs.org/patch/859410/
https://patchwork.ozlabs.org/patch/859410/
USN-3617-1
USN-3617-1
USN-3617-2
USN-3617-2
USN-3617-3
USN-3617-3
USN-3619-1
USN-3619-1
USN-3619-2
USN-3619-2
USN-3620-1
USN-3620-1
USN-3620-2
USN-3620-2
USN-3632-1
USN-3632-1

Version: 2.1.0

Package kernel-image-std-debug update in p8 on 2019-02-22

ALT-PU-2019-1295-1

Closed vulnerabilities

CVE-2018-1000026