Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-7039

Опубликовано: 10 окт. 2016
Источник: redhat
CVSS3: 7.5
CVSS2: 7.1
EPSS Низкий

Описание

The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.

Linux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path, as an unlimited recursion could unfold in both VLAN and TEB modules, leading to a stack corruption in the kernel.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernel-rtFixedRHSA-2016:211026.10.2016
Red Hat Enterprise Linux 7kernelFixedRHSA-2016:204710.10.2016
Red Hat Enterprise Linux 7kernel-aarch64FixedRHSA-2017:037202.03.2017
Red Hat Enterprise MRG 2kernel-rtFixedRHSA-2016:210726.10.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-674
https://bugzilla.redhat.com/show_bug.cgi?id=1375944kernel: remotely triggerable unbounded recursion in the vlan gro code leading to a kernel crash

EPSS

Процентиль: 74%
0.00878
Низкий

7.5 High

CVSS3

7.1 High

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-7039

CVSS3: 7.5
ubuntu
почти 9 лет назад

The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.

nvd логотип

CVE-2016-7039

CVSS3: 7.5
nvd
почти 9 лет назад

The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.

debian логотип

CVE-2016-7039

CVSS3: 7.5
debian
почти 9 лет назад

The IP stack in the Linux kernel through 4.8.2 allows remote attackers ...

github логотип

GHSA-3rm9-rm94-6p3r

CVSS3: 7.5
github
больше 3 лет назад

The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.

oracle-oval логотип

ELSA-2016-3626

oracle-oval
почти 9 лет назад

ELSA-2016-3626: Unbreakable Enterprise kernel security update (IMPORTANT)

EPSS

Процентиль: 74%
0.00878
Низкий

7.5 High

CVSS3

7.1 High

CVSS2