{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-02-17T00:00:00", "descriptions": [{"lang": "en", "value": "mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page (THP) during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact via a crafted application."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20110217 CVE request - kernel: thp: prevent hugepages during args/env copying into the user stack", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/02/17/3"}, {"name": "46442", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/46442"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc5"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a7d6e4ecdb7648478ddec76d30d87d03d6e22b31"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678209"}, {"name": "[oss-security] 20110217 Re: CVE request - kernel: thp: prevent hugepages during args/env copying into the user stack", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/02/17/6"}, {"name": "kernel-hugepages-dos(65535)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65535"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:14:26.799Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20110217 CVE request - kernel: thp: prevent hugepages during args/env copying into the user stack", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/02/17/3"}, {"name": "46442", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/46442"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a7d6e4ecdb7648478ddec76d30d87d03d6e22b31"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678209"}, {"name": "[oss-security] 20110217 Re: CVE request - kernel: thp: prevent hugepages during args/env copying into the user stack", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/02/17/6"}, {"name": "kernel-hugepages-dos(65535)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65535"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-0999", "datePublished": "2011-02-23T18:00:00", "dateReserved": "2011-02-14T00:00:00", "dateUpdated": "2024-08-06T22:14:26.799Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9988A98F-3440-467E-8ADA-1E413DC25C21", "versionEndExcluding": "2.6.38", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.38:-:*:*:*:*:*:*", "matchCriteriaId": "985DC743-744A-429F-8098-EFCC91DFB6F7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.38:rc1:*:*:*:*:*:*", "matchCriteriaId": "2DDCB342-4F5F-4BF1-9624-882BBC57330D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.38:rc2:*:*:*:*:*:*", "matchCriteriaId": "C3AB4113-BF83-4587-8A85-0E4FECEE7D9B", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.38:rc3:*:*:*:*:*:*", "matchCriteriaId": "4B57F5AD-A697-4090-89B9-81BC12993A1A", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.38:rc4:*:*:*:*:*:*", "matchCriteriaId": "CA141BCB-A705-4DF5-9EED-746B62C86111", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page (THP) during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact via a crafted application."}, {"lang": "es", "value": "mm/huge_memory.c en el kernel de Linux anterior a f2.6.38-rc5 no impide la creaci\u00f3n de una transparent huge page (THP) durante la existencia de una pila temporal para una llamada al sistema exec, que permite a usuarios locales causar una denegaci\u00f3n de servicio (consumo de memoria) o posiblemente tener un impacto no especificado a trav\u00e9s de una aplicaci\u00f3n manipulado."}], "id": "CVE-2011-0999", "lastModified": "2023-02-13T03:23:18.897", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-02-23T19:00:02.093", "references": [{"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a7d6e4ecdb7648478ddec76d30d87d03d6e22b31"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2011/02/17/3"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2011/02/17/6"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc5"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/46442"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678209"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65535"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2011:0542", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-131.0.15.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2011-05-19T00:00:00Z"}, {"advisory": "RHSA-2011:0883", "cpe": "cpe:/o:redhat:rhel_eus:6.0", "package": "kernel-0:2.6.32-71.31.1.el6", "product_name": "Red Hat Enterprise Linux 6.0 EUS - Server Only", "release_date": "2011-06-21T00:00:00Z"}], "bugzilla": {"description": "kernel: thp: prevent hugepages during args/env copying into the user stack", "id": "678209", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678209"}, "csaw": false, "cvss": {"cvss_base_score": "4.9", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "status": "verified"}, "details": ["mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page (THP) during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact via a crafted application."], "name": "CVE-2011-0999", "public_date": "2011-02-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-0999\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-0999"], "statement": "This issue only affects Red Hat Enterprise Linux 6. The version of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not include upstream commit 71e3aac0 that introduced the problem. We have addressed this in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-0542.html.", "threat_severity": "Moderate"}