{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-09-27T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:16:08.000Z", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"name": "RHSA-2016:2107", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"}, {"name": "RHSA-2017:0372", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:0372"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bto.bluecoat.com/security-advisory/sa134"}, {"name": "93562", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/93562"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971"}, {"name": "RHSA-2016:2047", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"}, {"name": "RHSA-2016:2110", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"}, {"name": "[oss-security] 20161013 CVE Request: another recursion in GRE", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/10/13/11"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971"}, {"name": "RHSA-2017:0004", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0004.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1001486"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2016-8666", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2016:2107", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"}, {"name": "RHSA-2017:0372", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:0372"}, {"name": "https://bto.bluecoat.com/security-advisory/sa134", "refsource": "CONFIRM", "url": "https://bto.bluecoat.com/security-advisory/sa134"}, {"name": "93562", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93562"}, {"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971", "refsource": "CONFIRM", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971"}, {"name": "RHSA-2016:2047", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"}, {"name": "RHSA-2016:2110", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"}, {"name": "[oss-security] 20161013 CVE Request: another recursion in GRE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/10/13/11"}, {"name": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971"}, {"name": "RHSA-2017:0004", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0004.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1001486", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1001486"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:27:41.223Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2016:2107", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"}, {"name": "RHSA-2017:0372", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:0372"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bto.bluecoat.com/security-advisory/sa134"}, {"name": "93562", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/93562"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971"}, {"name": "RHSA-2016:2047", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"}, {"name": "RHSA-2016:2110", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"}, {"name": "[oss-security] 20161013 CVE Request: another recursion in GRE", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2016/10/13/11"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971"}, {"name": "RHSA-2017:0004", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2017-0004.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1001486"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2016-8666", "datePublished": "2016-10-16T21:00:00.000Z", "dateReserved": "2016-10-14T00:00:00.000Z", "dateUpdated": "2024-08-06T02:27:41.223Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "94939292-97B9-46BE-BF06-57D0DB7A8904", "versionEndExcluding": "3.16.35", "versionStartIncluding": "3.14", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1A82714-1C53-498D-94AA-DE9F6B577522", "versionEndExcluding": "3.18.47", "versionStartIncluding": "3.17", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "755C626E-7669-4E6E-BC91-2656E4740E66", "versionEndExcluding": "4.1.38", "versionStartIncluding": "3.19", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D23F7205-D265-429A-ACA9-F0FDAA8615A1", "versionEndExcluding": "4.4.29", "versionStartIncluding": "4.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "628AFDA5-6C82-4DB8-8280-D1D7C58BBFE7", "versionEndExcluding": "4.6", "versionStartIncluding": "4.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039."}, {"lang": "es", "value": "La pila IP en el kernel de Linux en versiones anteriores a 4.6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de pila y p\u00e1nico) o tener otro posible impacto no especificado desencadenando uso de la ruta GRO para paquetes con apilamiento en t\u00fanel, como se demuestra por cabeceras IPv4 y cabeceras GRE intercaladas, un problema relacionado con CVE-2016-7039."}], "id": "CVE-2016-8666", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-10-16T21:59:15.523", "references": [{"source": "security@opentext.com", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971"}, {"source": "security@opentext.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"}, {"source": "security@opentext.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"}, {"source": "security@opentext.com", "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"}, {"source": "security@opentext.com", "url": "http://rhn.redhat.com/errata/RHSA-2017-0004.html"}, {"source": "security@opentext.com", "url": "http://www.openwall.com/lists/oss-security/2016/10/13/11"}, {"source": "security@opentext.com", "url": "http://www.securityfocus.com/bid/93562"}, {"source": "security@opentext.com", "url": "https://access.redhat.com/errata/RHSA-2017:0372"}, {"source": "security@opentext.com", "url": "https://bto.bluecoat.com/security-advisory/sa134"}, {"source": "security@opentext.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"}, {"source": "security@opentext.com", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1001486"}, {"source": "security@opentext.com", "url": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-2047.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-2107.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-2110.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2017-0004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2016/10/13/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/93562"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:0372"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bto.bluecoat.com/security-advisory/sa134"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1001486"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:2110", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-327.36.3.rt56.238.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-10-26T00:00:00Z"}, {"advisory": "RHSA-2016:2047", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-327.36.2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2016-10-10T00:00:00Z"}, {"advisory": "RHSA-2017:0372", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-aarch64-0:4.5.0-15.2.1.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-03-02T00:00:00Z"}, {"advisory": "RHSA-2017:0004", "cpe": "cpe:/o:redhat:rhel_eus:7.1", "package": "kernel-0:3.10.0-229.46.1.ael7b", "product_name": "Red Hat Enterprise Linux 7.1 Extended Update Support", "release_date": "2017-01-03T00:00:00Z"}, {"advisory": "RHSA-2016:2107", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-1:3.10.0-327.rt56.198.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2016-10-26T00:00:00Z"}], "bugzilla": {"description": "kernel: Remotely triggerable recursion in GRE code leading to kernel crash", "id": "1384991", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"}, "csaw": false, "cvss": {"cvss_base_score": "7.1", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "status": "verified"}, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-674", "details": ["The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.", "A flaw was found in the way the Linux kernel's networking subsystem handled offloaded packets with multiple layers of encapsulation in the GRO (Generic Receive Offload) code path. A remote attacker could use this flaw to trigger unbounded recursion in the kernel that could lead to stack corruption, resulting in a system crash."], "name": "CVE-2016-8666", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:rhel_eus:7.2", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux Extended Update Support 7.2"}], "public_date": "2016-10-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-8666\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8666"], "threat_severity": "Important"}

{}