CVE-2016-8666

Published: Oct 16, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.

Affected (5)

Products: Linux: Linux Kernel

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 3.14 to 3.16.35
Linux Linux Kernel	From 3.17 to 3.18.47
Linux Linux Kernel	From 3.19 to 4.1.38
Linux Linux Kernel	From 4.2 to 4.4.29
Linux Linux Kernel	From 4.5 to 4.6

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (24)

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971

Source: security@opentext.com

http://rhn.redhat.com/errata/RHSA-2016-2047.html

Source: security@opentext.com

http://rhn.redhat.com/errata/RHSA-2016-2107.html

Source: security@opentext.com

http://rhn.redhat.com/errata/RHSA-2016-2110.html

Source: security@opentext.com

http://rhn.redhat.com/errata/RHSA-2017-0004.html

Source: security@opentext.com

http://www.openwall.com/lists/oss-security/2016/10/13/11

Source: security@opentext.com

http://www.securityfocus.com/bid/93562

Source: security@opentext.com

https://access.redhat.com/errata/RHSA-2017:0372

Source: security@opentext.com

https://bto.bluecoat.com/security-advisory/sa134

Source: security@opentext.com

https://bugzilla.redhat.com/show_bug.cgi?id=1384991

Source: security@opentext.com

https://bugzilla.suse.com/show_bug.cgi?id=1001486

Source: security@opentext.com

https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971

Source: security@opentext.com

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2016-2047.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2016-2107.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2016-2110.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2017-0004.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2016/10/13/11

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/93562

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2017:0372

Source: af854a3a-2127-422b-91ae-364da2661108

https://bto.bluecoat.com/security-advisory/sa134

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=1384991

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.suse.com/show_bug.cgi?id=1001486

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.