{
  "threat_severity" : "Moderate",
  "public_date" : "2011-02-15T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: thp: prevent hugepages during args/env copying into the user stack",
    "id" : "678209",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=678209"
  },
  "cvss" : {
    "cvss_base_score" : "4.9",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:N/I:N/A:C",
    "status" : "verified"
  },
  "details" : [ "mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not prevent creation of a transparent huge page (THP) during the existence of a temporary stack for an exec system call, which allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact via a crafted application." ],
  "statement" : "This issue only affects Red Hat Enterprise Linux 6. The version of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not include upstream commit 71e3aac0 that introduced the problem. We have addressed this in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-0542.html.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-05-19T00:00:00Z",
    "advisory" : "RHSA-2011:0542",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-131.0.15.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.0 EUS - Server Only",
    "release_date" : "2011-06-21T00:00:00Z",
    "advisory" : "RHSA-2011:0883",
    "cpe" : "cpe:/o:redhat:rhel_eus:6.0",
    "package" : "kernel-0:2.6.32-71.31.1.el6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-0999\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-0999" ],
  "name" : "CVE-2011-0999",
  "csaw" : false
}