CVE-2016-7039

7.5HIGH

Key Information:

Vendor
Oracle
Status
Vm Server
Linux
Vendor
CVE Published:
16 October 2016

Summary

The IP stack in the Linux kernel through 4.8.2 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666.

References

http://rhn.redhat.com/errata/RHSA-2016-2107.html
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:0372
vendor-advisoryx_refsource_REDHAT
https://bto.bluecoat.com/security-advisory/sa134
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.