Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 605232 (CVE-2016-8666) - kernel: Remotely triggerable recursion in GRE code leading to kernel crash
Summary: kernel: Remotely triggerable recursion in GRE code leading to kernel crash
Status: RESOLVED FIXED
Alias: CVE-2016-8666
Product: Gentoo Security
Classification: Unclassified
Component: Kernel (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Kernel Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-01-10 01:38 UTC by Thomas Deutschmann (RETIRED)
Modified: 2022-03-25 22:54 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-10 01:38:40 UTC
A flaw was found in the way the Linux kernel's networking subsystem handled offloaded packets with multiple layers of encapsulation in the GRO (Generic Receive Offload) code path. A remote attacker could use this flaw to trigger unbounded recursion in the kernel that could lead to stack corruption, resulting in a system crash.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-10 01:42:56 UTC
Fixed by: https://git.kernel.org/linus/fac8e0f579695a3ecbc4d3cac369139d7f819971 (4.6)

Introduced by: htttps://git.kernel.org/linus/bf5a755f5e9186406bbf50f4087100af5bd68e40 (3.13)


sys-kernel/gentoo-sources overview:
4.4:  Fixed since 4.4.29 (5699b3431e0b14736867484b8669ead2d40f575e)
4.1:  -
3.18: -
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-10 01:44:26 UTC
There's currently some media attention regarding increased GRE traffic which could be related to the recent published advisories, see https://isc.sans.edu/forums/diary/Increase+in+Protocol+47+denys/21865/
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-25 22:54:36 UTC
Fixed in 4.6