{
  "threat_severity" : "Important",
  "public_date" : "2016-10-13T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Remotely triggerable recursion in GRE code leading to kernel crash",
    "id" : "1384991",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1384991"
  },
  "cvss" : {
    "cvss_base_score" : "7.1",
    "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:N/A:C",
    "status" : "verified"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-674",
  "details" : [ "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.", "A flaw was found in the way the Linux kernel's networking subsystem handled offloaded packets with multiple layers of encapsulation in the GRO (Generic Receive Offload) code path. A remote attacker could use this flaw to trigger unbounded recursion in the kernel that could lead to stack corruption, resulting in a system crash." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-10-26T00:00:00Z",
    "advisory" : "RHSA-2016:2110",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-327.36.3.rt56.238.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-10-10T00:00:00Z",
    "advisory" : "RHSA-2016:2047",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-327.36.2.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2017-03-02T00:00:00Z",
    "advisory" : "RHSA-2017:0372",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-aarch64-0:4.5.0-15.2.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.1 Extended Update Support",
    "release_date" : "2017-01-03T00:00:00Z",
    "advisory" : "RHSA-2017:0004",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.1",
    "package" : "kernel-0:3.10.0-229.46.1.ael7b"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2016-10-26T00:00:00Z",
    "advisory" : "RHSA-2016:2107",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-1:3.10.0-327.rt56.198.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-8666\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-8666" ],
  "name" : "CVE-2016-8666",
  "csaw" : false
}