CVE-2016-8666
HIGH
Linux Kernel 3.14-3.16.35 - Denial of Service via GRO Path Tunnel Stacking
Title source: llm
Description
The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.
References (12)
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2107.html
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:0372
Various Sources x_refsource_confirm
https://bto.bluecoat.com/security-advisory/sa134
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93562
Patch x_refsource_confirm
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2047.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2016-2110.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/10/13/11
Patch x_refsource_confirm
https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2017-0004.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1384991
Issue Tracking x_refsource_confirm
https://bugzilla.suse.com/show_bug.cgi?id=1001486
Scores
CVSS v3
7.5
EPSS
0.0470
EPSS Percentile
90.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (1)
linux/linux_kernel
3.14 - 3.16.35
Published
Oct 16, 2016
Tracked Since
Feb 18, 2026