Issue metadata
Sign in to add a comment
|
CVE-2018-1000026 CrOS: Vulnerability reported in Linux kernel |
||||||||||||||||||||||
Issue descriptionVOMIT (go/vomit) has received an external vulnerability report for the Linux kernel. Advisory: CVE-2018-1000026 Details: http://vomit.googleplex.com/advisory?id=CVE/CVE-2018-1000026 CVSS severity score: 6.8/10.0 Description: Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.. This bug was filed by http://go/vomit Please contact us at vomit-team@google.com if you need any assistance.
,
Mar 9 2018
I'll put this into M-68 but it doesn't really matter for a Security_Impact-None.
,
Mar 9 2018
,
Mar 28 2018
Marking WontFix; we'll pull in the fix through a stable release merge if/when it is available.
,
Mar 28 2018
|
|||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||
Comment 1 by groeck@chromium.org
, Mar 9 2018Labels: Security_Severity-Medium Security_Impact-None Pri-3
Owner: groeck@chromium.org
Status: ExternalDependency (was: Untriaged)
CONFIG_BNX2X is not enabled in any ChromeOS branches. The problem has been fixed with upstream commit 8914a595110a ("bnx2x: disable GSO where gso_size is too big for hardware"). The fix is not yet available in stable releases. We will pull it in from there if/when available.