Vulnerability Details : CVE-2016-8666
The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.
Vulnerability category: Denial of service
Products affected by CVE-2016-8666
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Threat overview for CVE-2016-8666
- Top open port discovered on systems with this issue: 49152
- IPs affected by CVE-2016-8666: 10,336
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2016-8666
- EPSS score: 8.75% (probability of exploitation activity in the next 30 days)
- Percentile: ~94% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2016-8666
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2016-8666
- The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2016-8666
- https://bto.bluecoat.com/security-advisory/sa134 ("SA134 : Linux Kernel Vulnerabilities Oct/Nov 2016") [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2017:0372 ("Red Hat Customer Portal") [Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2016/10/13/11 ("oss-security - CVE Request: another recursion in GRE") [Mailing List; Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2016-2110.html ("RHSA-2016:2110 - Security Advisory - Red Hat Customer Portal") [Third Party Advisory]
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971 ("kernel/git/torvalds/linux.git - Linux kernel source tree") [Issue Tracking; Patch; Vendor Advisory]
- https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971 ("tunnels: Don't apply GRO to multiple layers of encapsulation. · torvalds/linux@fac8e0f · GitHub") [Issue Tracking; Patch; Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2016-2107.html ("RHSA-2016:2107 - Security Advisory - Red Hat Customer Portal") [Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2016-2047.html [Third Party Advisory]
- http://www.securityfocus.com/bid/93562 ("Linux Kernel CVE-2016-8666 Stack Overflow Denial of Service Vulnerability") [Third Party Advisory; VDB Entry]
- http://rhn.redhat.com/errata/RHSA-2017-0004.html ("RHSA-2017:0004 - Security Advisory - Red Hat Customer Portal") [Third Party Advisory]
- https://bugzilla.suse.com/show_bug.cgi?id=1001486 ("Bug 1001486 – VUL-0: CVE-2016-7039, CVE-2016-8666: kernel-source: remote crash via stack overflow") [Issue Tracking; Third Party Advisory]
- https://bugzilla.redhat.com/show_bug.cgi?id=1384991 ("1384991 – (CVE-2016-8666) CVE-2016-8666 kernel: Remotely triggerable recursion in GRE code leading to kernel crash") [Issue Tracking; Third Party Advisory]