{
  "threat_severity" : "Moderate",
  "public_date" : "2011-09-28T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: ext4: ext4_ext_insert_extent() kernel oops",
    "id" : "747942",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=747942"
  },
  "cvss" : {
    "cvss_base_score" : "4.0",
    "cvss_scoring_vector" : "AV:L/AC:H/Au:N/C:N/I:N/A:C",
    "status" : "verified"
  },
  "details" : [ "fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations." ],
  "statement" : "This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not include support for EXT4 filesystem. It did not affect the Linux kernel as shipped with Red Hat Enterprise MRG as it has backported the upstream commit 667eff35 that addressed this issue. This has been addressed in Red Hat Enterprise Linux 5 and 6 via https://rhn.redhat.com/errata/RHSA-2012-0107.html and https://rhn.redhat.com/errata/RHSA-2011-1530.html.",
  "acknowledgement" : "Red Hat would like to thank Zheng Liu for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2012-02-09T00:00:00Z",
    "advisory" : "RHSA-2012:0107",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "kernel-0:2.6.18-274.18.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5.6 EUS - Server Only",
    "release_date" : "2012-04-24T00:00:00Z",
    "advisory" : "RHSA-2012:0517",
    "cpe" : "cpe:/o:redhat:rhel_eus:5.6",
    "package" : "kernel-0:2.6.18-238.37.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2011-12-05T00:00:00Z",
    "advisory" : "RHSA-2011:1530",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-220.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.1 EUS - Server Only",
    "release_date" : "2012-02-15T00:00:00Z",
    "advisory" : "RHSA-2012:0116",
    "cpe" : "cpe:/o:redhat:rhel_eus:6.1",
    "package" : "kernel-0:2.6.32-131.25.1.el6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Affected",
    "package_name" : "realtime-kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-3638\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-3638" ],
  "name" : "CVE-2011-3638",
  "csaw" : false
}