CVE-2011-2525

Impact: Moderate
Public Date: 2010-05-21
IAVA: 2012-A-0020
Bugzilla: 720552: CVE-2011-2525 kernel: kernel: net_sched: fix qdisc_notify()

The MITRE CVE dictionary describes this issue as:

The qdisc_notify function in net/sched/sch_api.c in the Linux kernel before 2.6.35 does not prevent tc_fill_qdisc function calls referencing builtin (aka CQ_F_BUILTIN) Qdisc structures, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a crafted call.

Find out more about CVE-2011-2525 from the MITRE CVE dictionary and NIST NVD.

Statement

This flaw affects Red Hat Enterprise Linux 4 and 5. It did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG, as they have already backported the upstream commit 53b0f080 that addressed this flaw. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1065.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle (https://access.redhat.com/support/policy/updates/errata/); therefore, the fix for this issue is not currently planned to be included in future updates.

CVSS v2 metrics

Base Score 4.9
Base Metrics AV:L/AC:L/Au:N/C:N/I:N/A:C
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (kernel) RHSA-2011:1163 2011-08-16
Red Hat Enterprise Linux EUS (v. 5.6 server) RHSA-2011:1163 2011-08-16
Red Hat Enterprise Linux 5 (kernel) RHSA-2011:1065 2011-07-21

Affected Packages State

Platform Package State
Red Hat Enterprise MRG 2 realtime-kernel Not affected
Red Hat Enterprise Linux 6 kernel Not affected
Red Hat Enterprise Linux 4 kernel Will not fix

CVE description copyright © 2017, The MITRE Corporation
