Vulnerability Details : CVE-2016-7039
The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.
Vulnerability category: Denial of service
Products affected by CVE-2016-7039
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-7039
- EPSS score: 0.51% (probability of exploitation activity in the next 30 days)
- Percentile: ~76% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-7039
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2016-7039
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-7039
- https://bto.bluecoat.com/security-advisory/sa134
  SA134 : Linux Kernel Vulnerabilities Oct/Nov 2016 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2017:0372
  Red Hat Customer Portal (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2016-2110.html
  RHSA-2016:2110 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1375944
  1375944 – (CVE-2016-7039) CVE-2016-7039 kernel: remotely triggerable unbounded recursion in the vlan gro code leading to a kernel crash (Issue Tracking; Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
  Oracle VM Server for x86 Bulletin - October 2016 (Third Party Advisory)
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
  Oracle Linux Bulletin - October 2016 (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2016-2107.html
  RHSA-2016:2107 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2016-2047.html
  (Third Party Advisory)
- https://patchwork.ozlabs.org/patch/680412/
  [net] net: add recursion limit to GRO - Patchwork (Issue Tracking; Patch)
- http://www.securityfocus.com/bid/93476
  Linux Kernel CVE-2016-7039 Stack Overflow Denial of Service Vulnerability (Third Party Advisory; VDB Entry)
- http://www.openwall.com/lists/oss-security/2016/10/10/15
  oss-security - CVE-2016-7039 Kernel: net: unbounded recursion in the vlan GRO processing (Mailing List; Patch; Third Party Advisory)