{
  "threat_severity" : "Moderate",
  "public_date" : "2016-03-15T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: ipv4: denial of service when destroying a network interface",
    "id" : "1318172",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1318172"
  },
  "cvss" : {
    "cvss_base_score" : "1.7",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:S/C:N/I:N/A:P",
    "status" : "verified"
  },
  "cwe" : "CWE-400",
  "details" : [ "The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.", "A security flaw was found in the Linux kernel's networking subsystem that destroying the network interface with huge number of ipv4 addresses assigned keeps \"rtnl_lock\" spinlock for a very long time (up to hour). This blocks many network-related operations, including creation of new incoming ssh connections.\nThe problem is especially important for containers, as the container owner has enough permissions to trigger this and block a network access on a whole host, outside the container." ],
  "statement" : "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates, as the Linux containers which the flaw affects are not supported in these products. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future Linux kernel updates for the respective releases might address this issue.",
  "acknowledgement" : "Red Hat would like to thank Solar Designer (Openwall) and the Virtuozzo kernel team for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-11-03T00:00:00Z",
    "advisory" : "RHSA-2016:2584",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-514.rt56.420.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-11-03T00:00:00Z",
    "advisory" : "RHSA-2016:2574",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-514.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Affected",
    "package_name" : "realtime-kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-3156\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-3156" ],
  "name" : "CVE-2016-3156",
  "csaw" : false
}