7.8

CVE-2016-8666

The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.14 < 3.16.35
LinuxLinux Kernel Version >= 3.17 < 3.18.47
LinuxLinux Kernel Version >= 3.19 < 4.1.38
LinuxLinux Kernel Version >= 4.2 < 4.4.29
LinuxLinux Kernel Version >= 4.5 < 4.6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.7% 0.906
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

http://rhn.redhat.com/errata/RHSA-2016-2047.html
http://rhn.redhat.com/errata/RHSA-2016-2107.html
http://rhn.redhat.com/errata/RHSA-2016-2110.html
https://access.redhat.com/errata/RHSA-2017:0372
https://bto.bluecoat.com/security-advisory/sa134
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971
http://rhn.redhat.com/errata/RHSA-2017-0004.html
http://www.openwall.com/lists/oss-security/2016/10/13/11
http://www.securityfocus.com/bid/93562
https://bugzilla.redhat.com/show_bug.cgi?id=1384991
https://bugzilla.suse.com/show_bug.cgi?id=1001486
https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971