Improper Input Validation Affecting kernel-rt-trace-devel package, versions <0:3.10.0-957.rt56.910.el7
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CENTOS7-KERNELRTTRACEDEVEL-2111326
- published 26 Jul 2021
- disclosed 12 Jan 2018
Introduced: 12 Jan 2018
CVE-2018-1000026 Open this link in a new tabHow to fix?
Upgrade Centos:7 kernel-rt-trace-devel to version 0:3.10.0-957.rt56.910.el7 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream kernel-rt-trace-devel package and not the kernel-rt-trace-devel package as distributed by Centos.
See How to fix? for Centos:7 relevant fixed versions and status.
Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..
References
- https://access.redhat.com/security/cve/CVE-2018-1000026
- https://patchwork.ozlabs.org/patch/859410/
- http://lists.openwall.net/netdev/2018/01/16/40
- http://lists.openwall.net/netdev/2018/01/18/96
- https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
- https://access.redhat.com/errata/RHSA-2018:3096
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3620-1/
- https://usn.ubuntu.com/3620-2/
- https://usn.ubuntu.com/3632-1/