7.8

CVE-2016-7039

The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.

Data is provided by the National Vulnerability Database (NVD)
OracleLinux Version6
OracleLinux Version7
OracleVm Server Version3.4
LinuxLinux Kernel Version >= 4.0 < 4.1.37
LinuxLinux Kernel Version >= 4.2 < 4.4.32
LinuxLinux Kernel Version >= 4.5 < 4.8.8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.88% 0.732
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
http://www.openwall.com/lists/oss-security/2016/10/10/15
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/93476
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1375944
Third Party Advisory
Issue Tracking