{
  "threat_severity" : "Moderate",
  "public_date" : "2011-11-01T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: jbd/jbd2: invalid value of first log block leads to oops",
    "id" : "753341",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=753341"
  },
  "cvss" : {
    "cvss_base_score" : "4.7",
    "cvss_scoring_vector" : "AV:L/AC:M/Au:N/C:N/I:N/A:C",
    "status" : "verified"
  },
  "details" : [ "The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allows local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an \"invalid log first block value.\"" ],
  "statement" : "This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4,\n5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0007.html, https://rhn.redhat.com/errata/RHSA-2012-0350.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. Red Hat\nEnterprise Linux 4 is now in Production 3 of the maintenance life-cycle,\nhttps://access.redhat.com/support/policy/updates/errata/, therefore the fix for\nthis issue is not currently planned to be included in the future updates.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2012-01-10T00:00:00Z",
    "advisory" : "RHSA-2012:0007",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "kernel-0:2.6.18-274.17.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2012-03-06T00:00:00Z",
    "advisory" : "RHSA-2012:0350",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-220.7.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2012-01-10T00:00:00Z",
    "advisory" : "RHSA-2012:0010",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-0:2.6.33.9-rt31.79.el6rt"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2012-02-23T00:00:00Z",
    "advisory" : "RHSA-2012:0333",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-0:3.0.18-rt34.53.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4"
  }, {
    "product_name" : "Red Hat Enterprise Linux Extended Update Support 6.2",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:rhel_eus:6.2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-4132\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-4132" ],
  "name" : "CVE-2011-4132",
  "csaw" : false
}