{ "threat_severity" : "Important", "public_date" : "2011-03-14T00:00:00Z", "bugzilla" : { "description" : "kernel: bonding: Incorrect TX queue offset", "id" : "696029", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=696029" }, "cvss" : { "cvss_base_score" : "4.6", "cvss_scoring_vector" : "AV:A/AC:H/Au:N/C:N/I:N/A:C", "status" : "verified" }, "details" : [ "The bond_select_queue function in drivers/net/bonding/bond_main.c in the Linux kernel before 2.6.39, when a network device with a large number of receive queues is installed but the default tx_queues setting is used, does not properly restrict queue indexes, which allows remote attackers to cause a denial of service (BUG and system crash) or possibly have unspecified other impact by sending network traffic." ], "statement" : "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not backport the upstream commit bb1d9123 that introduced this issue. A future kernel update in Red Hat Enterprise Linux 6 may address this flaw.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2011-05-19T00:00:00Z", "advisory" : "RHSA-2011:0542", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "kernel-0:2.6.32-131.0.15.el6" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 4", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:4" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise MRG 1", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/a:redhat:enterprise_mrg:1" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-1581\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-1581" ], "name" : "CVE-2011-1581", "csaw" : false }