Remotely triggerable unbounded recursion in GRE code was found. If a packet has the layout: IPv4 header | GRE header | IPv4 header | GRE header | ... depending on left over stack, it could run the kernel out of stack due to recursion and so crash the kernel. Reproducer: https://bugzilla.suse.com/show_bug.cgi?id=1001486#c5 https://bugzilla.suse.com/attachment.cgi?id=695327 Discussion threads: https://marc.info/?t=145920955700002&r=1&w=2 https://marc.info/?t=145928865300005&r=1&w=2 Upstream patch: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fac8e0f579695a3ecbc4d3cac369139d7f819971 CVE request+assignment: http://seclists.org/oss-sec/2016/q4/121 http://seclists.org/oss-sec/2016/q4/125
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1384995]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7.1 Extended Update Support Via RHSA-2017:0004 https://rhn.redhat.com/errata/RHSA-2017-0004.html