Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 605232 (CVE-2016-8666)

Summary: kernel: Remotely triggerable recursion in GRE code leading to kernel crash
Product: Gentoo Security Reporter: Thomas Deutschmann (RETIRED) <whissi>
Component: KernelAssignee: Gentoo Kernel Security <security-kernel>
Status: RESOLVED FIXED    
Severity: normal CC: kernel
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.openwall.com/lists/oss-security/2016/10/13/11
See Also: https://bugs.gentoo.org/show_bug.cgi?id=605234
Whiteboard:
Package list:
Runtime testing required: ---

Description Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-10 01:38:40 UTC 
A flaw was found in the way the Linux kernel's networking subsystem handled offloaded packets with multiple layers of encapsulation in the GRO (Generic Receive Offload) code path. A remote attacker could use this flaw to trigger unbounded recursion in the kernel that could lead to stack corruption, resulting in a system crash.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-10 01:42:56 UTC 
Fixed by: https://git.kernel.org/linus/fac8e0f579695a3ecbc4d3cac369139d7f819971 (4.6)

Introduced by: htttps://git.kernel.org/linus/bf5a755f5e9186406bbf50f4087100af5bd68e40 (3.13)


sys-kernel/gentoo-sources overview:
4.4:  Fixed since 4.4.29 (5699b3431e0b14736867484b8669ead2d40f575e)
4.1:  -
3.18: -
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-10 01:44:26 UTC 
There's currently some media attention regarding increased GRE traffic which could be related to the recent published advisories, see https://isc.sans.edu/forums/diary/Increase+in+Protocol+47+denys/21865/
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-25 22:54:36 UTC 
Fixed in 4.6