CVE-2016-8666
- Source
- https://cve.org/CVERecord?id=CVE-2016-8666
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8666.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2016-8666
- Downstream
- Related
- Published
- 2016-10-16T21:59:15.523Z
- Modified
- 2026-02-24T11:24:52.741983Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.
- References
-
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971
- http://www.openwall.com/lists/oss-security/2016/10/13/11
- http://www.securityfocus.com/bid/93562
- http://rhn.redhat.com/errata/RHSA-2016-2047.html
- http://rhn.redhat.com/errata/RHSA-2016-2107.html
- http://rhn.redhat.com/errata/RHSA-2016-2110.html
- http://rhn.redhat.com/errata/RHSA-2017-0004.html
- https://access.redhat.com/errata/RHSA-2017:0372
- https://bto.bluecoat.com/security-advisory/sa134
- https://bugzilla.redhat.com/show_bug.cgi?id=1384991
- https://bugzilla.suse.com/show_bug.cgi?id=1001486
- https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedfac8e0f579695a3ecbc4d3cac369139d7f819971Introducedb562e44f507e863c6792946e4e1b1449fbbac85dFixed2dcd0af568b0cf583645c8a317dd12e344b1c72a
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8666.json"
vanir_signatures
[
{
"signature_type": "Function",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@fac8e0f579695a3ecbc4d3cac369139d7f819971",
"id": "CVE-2016-8666-259382d2",
"signature_version": "v1",
"digest": {
"length": 2233.0,
"function_hash": "247524964733488350420152046511910120885"
},
"target": {
"file": "net/core/dev.c",
"function": "dev_gro_receive"
}
},
{
"signature_type": "Line",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@fac8e0f579695a3ecbc4d3cac369139d7f819971",
"id": "CVE-2016-8666-4721250f",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"249176785643557452442884978851523748235",
"257028942149061967667959654445541236034",
"66667855412438263171889294316708203602",
"164026961063951019701352219379318679388"
]
},
"target": {
"file": "net/core/dev.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@fac8e0f579695a3ecbc4d3cac369139d7f819971",
"id": "CVE-2016-8666-47fe630d",
"signature_version": "v1",
"digest": {
"length": 1352.0,
"function_hash": "27949585742113206404470841142496118798"
},
"target": {
"file": "net/ipv4/udp_offload.c",
"function": "udp_gro_receive"
}
},
{
"signature_type": "Line",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@fac8e0f579695a3ecbc4d3cac369139d7f819971",
"id": "CVE-2016-8666-54164cab",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"69921249749497579414334997571845693913",
"73242328148188852236644489914557116860",
"155787348843271799968620119550124480744",
"235490656844333667493307562860146226722",
"3716871077713189981305310750222987089",
"3485606148321497239091509372207496935",
"227010806993098370522778823926728172397"
]
},
"target": {
"file": "net/ipv4/af_inet.c"
}
},
{
"signature_type": "Line",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@fac8e0f579695a3ecbc4d3cac369139d7f819971",
"id": "CVE-2016-8666-5f1789c7",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"60015907573828979577910730290065742946",
"301102921484503856192846612647177012184",
"124162596779621589107455784880562997562",
"20797182225821503396084756426175102972",
"73025151269656298868089234087090083133",
"156790540687500573322192696718223757906",
"184960780828382358208933195721418510327",
"134387759302202539416464956118383456512",
"81936296974206936926259657837249618860"
]
},
"target": {
"file": "net/ipv4/udp_offload.c"
}
},
{
"signature_type": "Line",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@fac8e0f579695a3ecbc4d3cac369139d7f819971",
"id": "CVE-2016-8666-9f7a989b",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"39832896865355012141047196138177328830",
"293612097693036216970511477140682267640",
"140473335093839691239860871780577992364"
]
},
"target": {
"file": "net/ipv4/gre_offload.c"
}
},
{
"signature_type": "Line",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@fac8e0f579695a3ecbc4d3cac369139d7f819971",
"id": "CVE-2016-8666-ca0e1a95",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"114340150458525434688457034484460377481",
"148265623112651102632469507969554621758",
"136572082323357124709728890006531322739",
"13466360289916412445518398196067985904"
]
},
"target": {
"file": "include/linux/netdevice.h"
}
},
{
"signature_type": "Function",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@fac8e0f579695a3ecbc4d3cac369139d7f819971",
"id": "CVE-2016-8666-d5f24c5a",
"signature_version": "v1",
"digest": {
"length": 1678.0,
"function_hash": "98942477726476899360489854311838421600"
},
"target": {
"file": "net/ipv4/gre_offload.c",
"function": "gre_gro_receive"
}
},
{
"signature_type": "Line",
"deprecated": false,
"source": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git@fac8e0f579695a3ecbc4d3cac369139d7f819971",
"id": "CVE-2016-8666-e8d040b5",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"223304638174434527543725479589880655430",
"312329821803994242505509634251786436198",
"88015852210112013771843715912612582749",
"273827971037643101048828716961123650211",
"148208076976031037801692422777221862760",
"2472298252405414795147346127446666913",
"176748118472822214888125128807642117659"
]
},
"target": {
"file": "net/ipv6/ip6_offload.c"
}
}
]
Git / github.com/torvalds/linux
Affected ranges
- Type
- GIT
- Repo
- https://github.com/torvalds/linux
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v2.*
v2.6.12
v2.6.12-rc2
v2.6.12-rc3
v2.6.12-rc4
v2.6.12-rc5
v2.6.12-rc6
v2.6.13
v2.6.13-rc1
v2.6.13-rc2
v2.6.13-rc3
v2.6.13-rc4
v2.6.13-rc5
v2.6.13-rc6
v2.6.13-rc7
v2.6.14
v2.6.14-rc1
v2.6.14-rc2
v2.6.14-rc3
v2.6.14-rc4
v2.6.14-rc5
v2.6.15
v2.6.15-rc1
v2.6.15-rc2
v2.6.15-rc3
v2.6.15-rc4
v2.6.15-rc5
v2.6.15-rc6
v2.6.15-rc7
v2.6.16
v2.6.16-rc1
v2.6.16-rc2
v2.6.16-rc3
v2.6.16-rc4
v2.6.16-rc5
v2.6.16-rc6
v2.6.17
v2.6.17-rc1
v2.6.17-rc2
v2.6.17-rc3
v2.6.17-rc4
v2.6.17-rc5
v2.6.17-rc6
v2.6.18
v2.6.18-rc1
v2.6.18-rc2
v2.6.18-rc3
v2.6.18-rc4
v2.6.18-rc5
v2.6.18-rc6
v2.6.18-rc7
v2.6.19
v2.6.19-rc1
v2.6.19-rc2
v2.6.19-rc3
v2.6.19-rc4
v2.6.19-rc5
v2.6.19-rc6
v2.6.20
v2.6.20-rc1
v2.6.20-rc2
v2.6.20-rc3
v2.6.20-rc4
v2.6.20-rc5
v2.6.20-rc6
v2.6.20-rc7
v2.6.21
v2.6.21-rc1
v2.6.21-rc2
v2.6.21-rc3
v2.6.21-rc4
v2.6.21-rc5
v2.6.21-rc6
v2.6.21-rc7
v2.6.22
v2.6.22-rc1
v2.6.22-rc2
v2.6.22-rc3
v2.6.22-rc4
v2.6.22-rc5
v2.6.22-rc6
v2.6.22-rc7
v2.6.23
v2.6.23-rc1
v2.6.23-rc2
v2.6.23-rc3
v2.6.23-rc4
v2.6.23-rc5
v2.6.23-rc6
v2.6.23-rc7
v2.6.23-rc8
v2.6.23-rc9
v2.6.24
v2.6.24-rc1
v2.6.24-rc2
v2.6.24-rc3
v2.6.24-rc4
v2.6.24-rc5
v2.6.24-rc6
v2.6.24-rc7
v2.6.24-rc8
v2.6.25
v2.6.25-rc1
v2.6.25-rc2
v2.6.25-rc3
v2.6.25-rc4
v2.6.25-rc5
v2.6.25-rc6
v2.6.25-rc7
v2.6.25-rc8
v2.6.25-rc9
v2.6.26
v2.6.26-rc1
v2.6.26-rc2
v2.6.26-rc3
v2.6.26-rc4
v2.6.26-rc5
v2.6.26-rc6
v2.6.26-rc7
v2.6.26-rc8
v2.6.26-rc9
v2.6.27
v2.6.27-rc1
v2.6.27-rc2
v2.6.27-rc3
v2.6.27-rc4
v2.6.27-rc5
v2.6.27-rc6
v2.6.27-rc7
v2.6.27-rc8
v2.6.27-rc9
v2.6.28
v2.6.28-rc1
v2.6.28-rc2
v2.6.28-rc3
v2.6.28-rc4
v2.6.28-rc5
v2.6.28-rc6
v2.6.28-rc7
v2.6.28-rc8
v2.6.28-rc9
v2.6.29
v2.6.29-rc1
v2.6.29-rc2
v2.6.29-rc3
v2.6.29-rc4
v2.6.29-rc5
v2.6.29-rc6
v2.6.29-rc7
v2.6.29-rc8
v2.6.30
v2.6.30-rc1
v2.6.30-rc2
v2.6.30-rc3
v2.6.30-rc4
v2.6.30-rc5
v2.6.30-rc6
v2.6.30-rc7
v2.6.30-rc8
v2.6.31
v2.6.31-rc1
v2.6.31-rc2
v2.6.31-rc3
v2.6.31-rc4
v2.6.31-rc5
v2.6.31-rc6
v2.6.31-rc7
v2.6.31-rc8
v2.6.31-rc9
v2.6.32
v2.6.32-rc1
v2.6.32-rc2
v2.6.32-rc3
v2.6.32-rc4
v2.6.32-rc5
v2.6.32-rc6
v2.6.32-rc7
v2.6.32-rc8
v2.6.33
v2.6.33-rc1
v2.6.33-rc2
v2.6.33-rc3
v2.6.33-rc4
v2.6.33-rc5
v2.6.33-rc6
v2.6.33-rc7
v2.6.33-rc8
v2.6.34
v2.6.34-rc1
v2.6.34-rc2
v2.6.34-rc3
v2.6.34-rc4
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v2.6.35
v2.6.35-rc1
v2.6.35-rc2
v2.6.35-rc3
v2.6.35-rc4
v2.6.35-rc5
v2.6.35-rc6
v2.6.36
v2.6.36-rc1
v2.6.36-rc2
v2.6.36-rc3
v2.6.36-rc4
v2.6.36-rc5
v2.6.36-rc6
v2.6.36-rc7
v2.6.36-rc8
v2.6.37
v2.6.37-rc1
v2.6.37-rc2
v2.6.37-rc3
v2.6.37-rc4
v2.6.37-rc5
v2.6.37-rc6
v2.6.37-rc7
v2.6.37-rc8
v2.6.38
v2.6.38-rc1
v2.6.38-rc2
v2.6.38-rc3
v2.6.38-rc4
v2.6.38-rc5
v2.6.38-rc6
v2.6.38-rc7
v2.6.38-rc8
v2.6.39
v2.6.39-rc1
v2.6.39-rc2
v2.6.39-rc3
v2.6.39-rc4
v2.6.39-rc5
v2.6.39-rc6
v2.6.39-rc7
v3.*
v3.0
v3.0-rc1
v3.0-rc2
v3.0-rc3
v3.0-rc4
v3.0-rc5
v3.0-rc6
v3.0-rc7
v3.1
v3.1-rc1
v3.1-rc10
v3.1-rc2
v3.1-rc3
v3.1-rc4
v3.1-rc5
v3.1-rc6
v3.1-rc7
v3.1-rc8
v3.1-rc9
v3.10
v3.10-rc1
v3.10-rc2
v3.10-rc3
v3.10-rc4
v3.10-rc5
v3.10-rc6
v3.10-rc7
v3.11
v3.11-rc1
v3.11-rc2
v3.11-rc3
v3.11-rc4
v3.11-rc5
v3.11-rc6
v3.11-rc7
v3.12
v3.12-rc1
v3.12-rc2
v3.12-rc3
v3.12-rc4
v3.12-rc5
v3.12-rc6
v3.12-rc7
v3.13
v3.13-rc1
v3.13-rc2
v3.13-rc3
v3.13-rc4
v3.13-rc5
v3.13-rc6
v3.13-rc7
v3.13-rc8
v3.14
v3.14-rc1
v3.14-rc2
v3.14-rc3
v3.14-rc4
v3.14-rc5
v3.14-rc6
v3.14-rc7
v3.14-rc8
v3.15
v3.15-rc1
v3.15-rc2
v3.15-rc3
v3.15-rc4
v3.15-rc5
v3.15-rc6
v3.15-rc7
v3.15-rc8
v3.16
v3.16-rc1
v3.16-rc2
v3.16-rc3
v3.16-rc4
v3.16-rc5
v3.16-rc6
v3.16-rc7
v3.17
v3.17-rc1
v3.17-rc2
v3.17-rc3
v3.17-rc4
v3.17-rc5
v3.17-rc6
v3.17-rc7
v3.18
v3.18-rc1
v3.18-rc2
v3.18-rc3
v3.18-rc4
v3.18-rc5
v3.18-rc6
v3.18-rc7
v3.19
v3.19-rc1
v3.19-rc2
v3.19-rc3
v3.19-rc4
v3.19-rc5
v3.19-rc6
v3.19-rc7
v3.2
v3.2-rc1
v3.2-rc2
v3.2-rc3
v3.2-rc4
v3.2-rc5
v3.2-rc6
v3.2-rc7
v3.3
v3.3-rc1
v3.3-rc2
v3.3-rc3
v3.3-rc4
v3.3-rc5
v3.3-rc6
v3.3-rc7
v3.4
v3.4-rc1
v3.4-rc2
v3.4-rc3
v3.4-rc4
v3.4-rc5
v3.4-rc6
v3.4-rc7
v3.5
v3.5-rc1
v3.5-rc2
v3.5-rc3
v3.5-rc4
v3.5-rc5
v3.5-rc6
v3.5-rc7
v3.6
v3.6-rc1
v3.6-rc2
v3.6-rc3
v3.6-rc4
v3.6-rc5
v3.6-rc6
v3.6-rc7
v3.7
v3.7-rc1
v3.7-rc2
v3.7-rc3
v3.7-rc4
v3.7-rc5
v3.7-rc6
v3.7-rc7
v3.7-rc8
v3.8
v3.8-rc1
v3.8-rc2
v3.8-rc3
v3.8-rc4
v3.8-rc5
v3.8-rc6
v3.8-rc7
v3.9
v3.9-rc1
v3.9-rc2
v3.9-rc3
v3.9-rc4
v3.9-rc5
v3.9-rc6
v3.9-rc7
v3.9-rc8
v4.*
v4.0
v4.0-rc1
v4.0-rc2
v4.0-rc3
v4.0-rc4
v4.0-rc5
v4.0-rc6
v4.0-rc7
v4.1
v4.1-rc1
v4.1-rc2
v4.1-rc3
v4.1-rc4
v4.1-rc5
v4.1-rc6
v4.1-rc7
v4.1-rc8
v4.2
v4.2-rc1
v4.2-rc2
v4.2-rc3
v4.2-rc4
v4.2-rc5
v4.2-rc6
v4.2-rc7
v4.2-rc8
v4.3
v4.3-rc1
v4.3-rc2
v4.3-rc3
v4.3-rc4
v4.3-rc5
v4.3-rc6
v4.3-rc7
v4.4
v4.4-rc1
v4.4-rc2
v4.4-rc3
v4.4-rc4
v4.4-rc5
v4.4-rc6
v4.4-rc7
v4.4-rc8
v4.5
v4.5-rc1
v4.5-rc2
v4.5-rc3
v4.5-rc4
v4.5-rc5
v4.5-rc6
v4.5-rc7
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-8666.json"
vanir_signatures
[
{
"signature_type": "Line",
"deprecated": false,
"source": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971",
"id": "CVE-2016-8666-1c02cf93",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"249176785643557452442884978851523748235",
"257028942149061967667959654445541236034",
"66667855412438263171889294316708203602",
"164026961063951019701352219379318679388"
]
},
"target": {
"file": "net/core/dev.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"source": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971",
"id": "CVE-2016-8666-241c99f2",
"signature_version": "v1",
"digest": {
"length": 2233.0,
"function_hash": "247524964733488350420152046511910120885"
},
"target": {
"file": "net/core/dev.c",
"function": "dev_gro_receive"
}
},
{
"signature_type": "Function",
"deprecated": false,
"source": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971",
"id": "CVE-2016-8666-436a95a4",
"signature_version": "v1",
"digest": {
"length": 1352.0,
"function_hash": "27949585742113206404470841142496118798"
},
"target": {
"file": "net/ipv4/udp_offload.c",
"function": "udp_gro_receive"
}
},
{
"signature_type": "Line",
"deprecated": false,
"source": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971",
"id": "CVE-2016-8666-4a1cfb2b",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"223304638174434527543725479589880655430",
"312329821803994242505509634251786436198",
"88015852210112013771843715912612582749",
"273827971037643101048828716961123650211",
"148208076976031037801692422777221862760",
"2472298252405414795147346127446666913",
"176748118472822214888125128807642117659"
]
},
"target": {
"file": "net/ipv6/ip6_offload.c"
}
},
{
"signature_type": "Line",
"deprecated": false,
"source": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971",
"id": "CVE-2016-8666-9a45a086",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"60015907573828979577910730290065742946",
"301102921484503856192846612647177012184",
"124162596779621589107455784880562997562",
"20797182225821503396084756426175102972",
"73025151269656298868089234087090083133",
"156790540687500573322192696718223757906",
"184960780828382358208933195721418510327",
"134387759302202539416464956118383456512",
"81936296974206936926259657837249618860"
]
},
"target": {
"file": "net/ipv4/udp_offload.c"
}
},
{
"signature_type": "Line",
"deprecated": false,
"source": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971",
"id": "CVE-2016-8666-a1639f25",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"114340150458525434688457034484460377481",
"148265623112651102632469507969554621758",
"136572082323357124709728890006531322739",
"13466360289916412445518398196067985904"
]
},
"target": {
"file": "include/linux/netdevice.h"
}
},
{
"signature_type": "Function",
"deprecated": false,
"source": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971",
"id": "CVE-2016-8666-a93e1331",
"signature_version": "v1",
"digest": {
"length": 1678.0,
"function_hash": "98942477726476899360489854311838421600"
},
"target": {
"file": "net/ipv4/gre_offload.c",
"function": "gre_gro_receive"
}
},
{
"signature_type": "Line",
"deprecated": false,
"source": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971",
"id": "CVE-2016-8666-c0e70bff",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"39832896865355012141047196138177328830",
"293612097693036216970511477140682267640",
"140473335093839691239860871780577992364"
]
},
"target": {
"file": "net/ipv4/gre_offload.c"
}
},
{
"signature_type": "Line",
"deprecated": false,
"source": "https://github.com/torvalds/linux/commit/fac8e0f579695a3ecbc4d3cac369139d7f819971",
"id": "CVE-2016-8666-d40d2795",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"69921249749497579414334997571845693913",
"73242328148188852236644489914557116860",
"155787348843271799968620119550124480744",
"235490656844333667493307562860146226722",
"3716871077713189981305310750222987089",
"3485606148321497239091509372207496935",
"227010806993098370522778823926728172397"
]
},
"target": {
"file": "net/ipv4/af_inet.c"
}
}
]