CVE-2016-7039

The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
oraclevm_server
3.4
linuxlinux_kernel
4.0 ≤
𝑥
< 4.1.37
linuxlinux_kernel
4.2 ≤
𝑥
< 4.4.32
linuxlinux_kernel
4.5 ≤
𝑥
< 4.8.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
5.10.223-1
fixed
jessie
not-affected
wheezy
not-affected
bullseye (security)
5.10.226-1
fixed
bookworm
6.1.106-3
fixed
bookworm (security)
6.1.112-1
fixed
sid
6.11.5-1
fixed
trixie
6.11.5-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
yakkety
not-affected
xenial
Fixed 4.4.0-42.62
released
trusty
not-affected
precise
not-affected
linux-armadaxp
yakkety
dne
xenial
dne
trusty
dne
precise
not-affected
linux-aws
yakkety
dne
xenial
not-affected
trusty
not-affected
precise
dne
linux-flo
yakkety
not-affected
xenial
not-affected
trusty
dne
precise
dne
linux-gke
yakkety
dne
xenial
not-affected
trusty
dne
precise
dne
linux-goldfish
yakkety
not-affected
xenial
not-affected
trusty
dne
precise
dne
linux-grouper
yakkety
dne
xenial
dne
trusty
dne
precise
dne
linux-hwe
yakkety
dne
xenial
not-affected
trusty
dne
precise
dne
linux-hwe-edge
yakkety
dne
xenial
not-affected
trusty
dne
precise
dne
linux-linaro-omap
yakkety
dne
xenial
dne
trusty
dne
precise
ignored
linux-linaro-shared
yakkety
dne
xenial
dne
trusty
dne
precise
ignored
linux-linaro-vexpress
yakkety
dne
xenial
dne
trusty
dne
precise
ignored
linux-lts-quantal
yakkety
dne
xenial
dne
trusty
dne
precise
ignored
linux-lts-raring
yakkety
dne
xenial
dne
trusty
dne
precise
ignored
linux-lts-saucy
yakkety
dne
xenial
dne
trusty
dne
precise
ignored
linux-lts-trusty
yakkety
dne
xenial
dne
trusty
dne
precise
not-affected
linux-lts-utopic
yakkety
dne
xenial
dne
trusty
dne
precise
dne
linux-lts-vivid
yakkety
dne
xenial
dne
trusty
dne
precise
dne
linux-lts-wily
yakkety
dne
xenial
dne
trusty
dne
precise
dne
linux-lts-xenial
yakkety
dne
xenial
dne
trusty
Fixed 4.4.0-42.62~14.04.1
released
precise
dne
linux-maguro
yakkety
dne
xenial
dne
trusty
dne
precise
dne
linux-mako
yakkety
not-affected
xenial
not-affected
trusty
dne
precise
dne
linux-manta
yakkety
dne
xenial
dne
trusty
dne
precise
dne
linux-qcm-msm
yakkety
dne
xenial
dne
trusty
dne
precise
ignored
linux-raspi2
yakkety
not-affected
xenial
Fixed 4.4.0-1027.33
released
trusty
dne
precise
dne
linux-snapdragon
yakkety
Fixed 4.4.0-1032.36
released
xenial
Fixed 4.4.0-1030.33
released
trusty
dne
precise
dne
linux-ti-omap4
yakkety
dne
xenial
dne
trusty
dne
precise
not-affected
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2016-2047.html
http://rhn.redhat.com/errata/RHSA-2016-2107.html
http://rhn.redhat.com/errata/RHSA-2016-2110.html
http://www.openwall.com/lists/oss-security/2016/10/10/15
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
http://www.securityfocus.com/bid/93476
https://access.redhat.com/errata/RHSA-2017:0372
https://bto.bluecoat.com/security-advisory/sa134
https://bugzilla.redhat.com/show_bug.cgi?id=1375944
https://patchwork.ozlabs.org/patch/680412/
http://rhn.redhat.com/errata/RHSA-2016-2047.html
http://rhn.redhat.com/errata/RHSA-2016-2107.html
http://rhn.redhat.com/errata/RHSA-2016-2110.html
http://www.openwall.com/lists/oss-security/2016/10/10/15
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
http://www.securityfocus.com/bid/93476
https://access.redhat.com/errata/RHSA-2017:0372
https://bto.bluecoat.com/security-advisory/sa134
https://bugzilla.redhat.com/show_bug.cgi?id=1375944
https://patchwork.ozlabs.org/patch/680412/