{
  "threat_severity" : "Moderate",
  "public_date" : "2011-11-05T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: nfs4_getfacl decoding kernel oops",
    "id" : "747106",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=747106"
  },
  "cvss" : {
    "cvss_base_score" : "4.6",
    "cvss_scoring_vector" : "AV:A/AC:H/Au:N/C:N/I:N/A:C",
    "status" : "verified"
  },
  "details" : [ "The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words." ],
  "statement" : "This issue does not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 as it does not provide support for NFS ACLs. This issue does not affect the Linux kernel as shipped with Red Hat Enterprise Linux 5. This has been addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0333.html. Future kernel updates in Red Hat Enterprise Linux 6 may address this issue.",
  "acknowledgement" : "Red Hat would like to thank Andy Adamson for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2012-06-19T00:00:00Z",
    "advisory" : "RHSA-2012:0862",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-279.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.2 EUS - Server and Compute Node Only",
    "release_date" : "2012-12-04T00:00:00Z",
    "advisory" : "RHSA-2012:1541",
    "cpe" : "cpe:/o:redhat:rhel_eus:6.2",
    "package" : "kernel-0:2.6.32-220.30.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2012-02-23T00:00:00Z",
    "advisory" : "RHSA-2012:0333",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-0:3.0.18-rt34.53.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-4131\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-4131" ],
  "name" : "CVE-2011-4131",
  "csaw" : false
}