{ "threat_severity" : "Moderate", "public_date" : "2011-03-19T00:00:00Z", "bugzilla" : { "description" : "kernel: perf, x86: fix Intel fixed counters base initialization", "id" : "719228", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=719228" }, "cvss" : { "cvss_base_score" : "4.9", "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:N/I:N/A:C", "status" : "verified" }, "details" : [ "The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c in the Performance Events subsystem in the Linux kernel before 2.6.39 does not properly calculate counter values, which allows local users to cause a denial of service (panic) via the perf program." ], "statement" : "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not backport the upstream commit 41bf498 that introduced the issue. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-1350.html.", "acknowledgement" : "Red Hat would like to thank Li Yu for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2011-10-05T00:00:00Z", "advisory" : "RHSA-2011:1350", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "kernel-0:2.6.32-131.17.1.el6" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 4", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:4" }, { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise MRG 2", "fix_state" : "Not affected", "package_name" : "realtime-kernel", "cpe" : "cpe:/a:redhat:enterprise_mrg:2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-2521\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-2521" ], "name" : "CVE-2011-2521", "csaw" : false }