{
  "threat_severity" : "Low",
  "public_date" : "2011-03-15T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: fs/partitions: Corrupted OSF partition table infoleak",
    "id" : "688021",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=688021"
  },
  "cvss" : {
    "cvss_base_score" : "2.1",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "details" : [ "The osf_partition function in fs/partitions/osf.c in the Linux kernel before 2.6.38 does not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing." ],
  "statement" : "This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0833.html, https://rhn.redhat.com/errata/RHSA-2011-0542.html, and https://rhn.redhat.com/errata/RHSA-2011-0500.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for\nthis issue is not currently planned to be included in the future updates.",
  "acknowledgement" : "Red Hat would like to thank Timo Warns for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "MRG for RHEL-5",
    "release_date" : "2011-05-10T00:00:00Z",
    "advisory" : "RHSA-2011:0500",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:1::el5",
    "package" : "kernel-rt-0:2.6.33.9-rt31.64.el5rt"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2011-05-31T00:00:00Z",
    "advisory" : "RHSA-2011:0833",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "kernel-0:2.6.18-238.12.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-05-19T00:00:00Z",
    "advisory" : "RHSA-2011:0542",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-131.0.15.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.0 EUS - Server Only",
    "release_date" : "2011-06-21T00:00:00Z",
    "advisory" : "RHSA-2011:0883",
    "cpe" : "cpe:/o:redhat:rhel_eus:6.0",
    "package" : "kernel-0:2.6.32-71.31.1.el6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-1163\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-1163" ],
  "name" : "CVE-2011-1163",
  "csaw" : false
}