CVE-2018-1000026

Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..

Severity: MEDIUM (6.8) Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Severity: HIGH (7.7) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

References:

http://lists.openwall.net/netdev/2018/01/16/40
http://lists.openwall.net/netdev/2018/01/18/96
https://access.redhat.com/errata/RHSA-2018:2948
https://access.redhat.com/errata/RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3096
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
https://patchwork.ozlabs.org/patch/859410/
https://usn.ubuntu.com/3617-1/
https://usn.ubuntu.com/3617-2/
https://usn.ubuntu.com/3617-3/
https://usn.ubuntu.com/3619-1/
https://usn.ubuntu.com/3619-2/
https://usn.ubuntu.com/3620-1/
https://usn.ubuntu.com/3620-2/
https://usn.ubuntu.com/3632-1/
http://lists.openwall.net/netdev/2018/01/16/40
http://lists.openwall.net/netdev/2018/01/18/96
https://access.redhat.com/errata/RHSA-2018:2948
https://access.redhat.com/errata/RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3096
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
https://patchwork.ozlabs.org/patch/859410/
https://usn.ubuntu.com/3617-1/
https://usn.ubuntu.com/3617-2/
https://usn.ubuntu.com/3617-3/
https://usn.ubuntu.com/3619-1/
https://usn.ubuntu.com/3619-2/
https://usn.ubuntu.com/3620-1/
https://usn.ubuntu.com/3620-2/
https://usn.ubuntu.com/3632-1/

Version: 2.1.2

Package kernel-image-std-debug update in p8 on 2019-02-22

ALT-PU-2019-1295-1

Closed vulnerabilities

CVE-2018-1000026