CVE-2016-7039

Severity: 7.5 HIGH
EPSS: 1.2% (top 21.01%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 16 | Latest update May 13

Description

The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (7 packages)

NVD | linux/linux_kernel | 4.0 4.1.37 | +2
Debian | linux | < 4.7.8-1 | +3
Ubuntu | linux | < 3.13.0-98.145 | +1
Ubuntu | linux-raspi2 | < 4.4.0-1027.33
Ubuntu | linux-snapdragon | < 4.4.0-1030.33

Patches

Vulnerability Details (9)

GHSA | GHSA-3rm9-rm94-6p3r: The IP stack in the Linux kernel through 4 | 2022-05-13
Kernel | net: add recursion limit to GRO | 2016-10-20
CVEList | CVE-2016-7039: The IP stack in the Linux kernel through 4 | 2016-10-16
OSV | CVE-2016-7039: The IP stack in the Linux kernel through 4 | 2016-10-16
OSV | linux-raspi2 vulnerabilities | 2016-10-11

Vendor Advisories (9)

Red Hat | kernel: Remotely triggerable recursion in GRE code leading to kernel crash | 2016-10-13
Ubuntu | Linux kernel (Xenial HWE) vulnerabilities | 2016-10-11
Ubuntu | Linux kernel (Trusty HWE) vulnerabilities | 2016-10-11
Ubuntu | Linux kernel (Qualcomm Snapdragon) vulnerabilities | 2016-10-11
Ubuntu | Linux kernel vulnerabilities | 2016-10-11

Community (2)

Bugzilla | CVE-2016-7039 kernel: remotely triggerable unbounded recursion in the vlan gro code leading to a kernel crash [fedora-all] | 2016-10-10
Bugzilla | CVE-2016-7039 kernel: remotely triggerable unbounded recursion in the vlan gro code leading to a kernel crash | 2016-09-14