{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2013-03-01T11:00:00Z"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=78f11a255749d09025f54d4e2df4fbcb031530e2"}, {"name": "[oss-security] 20110620 Re: CVE request: kernel: thp: madvise on top of /dev/zero private mapping can lead to panic", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/06/20/14"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714761"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/78f11a255749d09025f54d4e2df4fbcb031530e2"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:00:34.049Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=78f11a255749d09025f54d4e2df4fbcb031530e2"}, {"name": "[oss-security] 20110620 Re: CVE request: kernel: thp: madvise on top of /dev/zero private mapping can lead to panic", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/06/20/14"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714761"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/78f11a255749d09025f54d4e2df4fbcb031530e2"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2479", "state": "PUBLISHED", "dateReserved": "2011-06-15T00:00:00Z", "datePublished": "2013-03-01T11:00:00Z", "dateUpdated": "2024-08-06T23:00:34.049Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "176353CE-F17E-4776-AD9F-19014DA75B76", "versionEndExcluding": "2.6.39", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application."}, {"lang": "es", "value": "El kernel de Linux anterior a v2.6.39 no crea correctamente p\u00e1ginas grandes en respuesta a una llamada al sistema mmap MAP_PRIVATE en /dev/zero, permitiendo a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda del sistema) a trav\u00e9s de una aplicaci\u00f3n especialmente dise\u00f1ada."}], "id": "CVE-2011-2479", "lastModified": "2024-11-21T01:28:22.213", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2013-03-01T12:37:53.693", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"}, {"source": "secalert@redhat.com", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=78f11a255749d09025f54d4e2df4fbcb031530e2"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2011/06/20/14"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714761"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/78f11a255749d09025f54d4e2df4fbcb031530e2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=78f11a255749d09025f54d4e2df4fbcb031530e2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2011/06/20/14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714761"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/78f11a255749d09025f54d4e2df4fbcb031530e2"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2011:0928", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-131.6.1.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2011-07-12T00:00:00Z"}], "bugzilla": {"description": "kernel: thp: madvise on top of /dev/zero private mapping can lead to panic", "id": "714761", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=714761"}, "csaw": false, "cvss": {"cvss_base_score": "4.9", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "status": "verified"}, "details": ["The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application."], "name": "CVE-2011-2479", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2011-03-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-2479\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-2479"], "statement": "The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG are not affected because they do not provide support for THP (Transparent Huge Pages). This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-0928.html.", "threat_severity": "Moderate"}