ALAS-2016-762 ---- kernel perf
ID: oval:org.secpod.oval:def:1600467 | Date: (C)2016-11-11 (M)2023-12-20 |
Class: PATCH | Family: unix |
The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.

A Linux kernel built with 802.1Q/802.1ad VLAN or Virtual eXtensible Local Area Network with Transparent Ethernet Bridging GRO support is vulnerable to a stack overflow issue. It could occur while receiving large packets via the GRO path, as an unlimited recursion could unfold in both the VLAN and TEB modules, leading to stack corruption in the kernel.
Platform: Amazon Linux AMI |