{
  "threat_severity" : "Low",
  "public_date" : "2011-04-13T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: corrupted GUID partition tables can cause kernel oops",
    "id" : "695976",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=695976"
  },
  "cvss" : {
    "cvss_base_score" : "4.9",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:N/I:N/A:C",
    "status" : "verified"
  },
  "details" : [ "Heap-based buffer overflow in the is_gpt_valid function in fs/partitions/efi.c in the Linux kernel 2.6.38 and earlier allows physically proximate attackers to cause a denial of service (OOPS) or possibly have unspecified other impact via a crafted size of the EFI GUID partition-table header on removable media." ],
  "statement" : "This issue affects the versions of Linux kernel as shipped with Red Hat\nEnterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0833.html, https://rhn.redhat.com/errata/RHSA-2011-1465.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.",
  "acknowledgement" : "Red Hat would like to thank Timo Warns for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2011-05-31T00:00:00Z",
    "advisory" : "RHSA-2011:0833",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "kernel-0:2.6.18-238.12.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-11-22T00:00:00Z",
    "advisory" : "RHSA-2011:1465",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-131.21.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2011-09-12T00:00:00Z",
    "advisory" : "RHSA-2011:1253",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-0:2.6.33.9-rt31.75.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise MRG 1",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-1577\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-1577" ],
  "name" : "CVE-2011-1577",
  "csaw" : false
}