{
  "threat_severity" : "Moderate",
  "public_date" : "2011-10-12T00:00:00Z",
  "bugzilla" : {
    "description" : "Kernel: tty: driver reference leakage in tty_open",
    "id" : "1201887",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1201887"
  },
  "cvss" : {
    "cvss_base_score" : "4.7",
    "cvss_scoring_vector" : "AV:L/AC:M/Au:N/C:N/I:N/A:C",
    "status" : "verified"
  },
  "details" : [ "The tty_open function in drivers/tty/tty_io.c in the Linux kernel before 3.1.1 mishandles a driver-lookup failure, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via crafted access to a device file under the /dev/pts directory.", "A NULL pointer dereference flaw was found in the way the Linux kernel's virtual console implementation handled reference counting when accessing pseudo-terminal device files (/dev/pts/*). A local, unprivileged attacker could use this flaw to crash the system." ],
  "statement" : "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 7 and Red Hat Enterprise MRG 2.\nThis issue affects the version of Linux kernel as shipped with Red Hat\nEnterprise Linux 6. Future kernel updates for Red Hat Enterprise Linux 6\nmay address this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-14T00:00:00Z",
    "advisory" : "RHSA-2015:1221",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-504.30.3.el6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Not affected",
    "package_name" : "realtime-kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2011-5321\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-5321" ],
  "name" : "CVE-2011-5321",
  "csaw" : false
}