{
  "threat_severity" : "Moderate",
  "public_date" : "2011-03-24T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: thp: madvise on top of /dev/zero private mapping can lead to panic",
    "id" : "714761",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=714761"
  },
  "cvss" : {
    "cvss_base_score" : "4.9",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:N/I:N/A:C",
    "status" : "verified"
  },
  "details" : [ "The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application." ],
  "statement" : "The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG are not affected because they do not provide support for THP (Transparent Huge Pages). This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-0928.html.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-07-12T00:00:00Z",
    "advisory" : "RHSA-2011:0928",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-131.6.1.el6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Not affected",
    "package_name" : "realtime-kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-2479\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-2479" ],
  "name" : "CVE-2011-2479",
  "csaw" : false
}