says it can be "exploited to cause a buffer overflow" -- whatever that's supposed to mean.
It also mentions another KVM vulnerability with the wrong classification -- the vulnerability allows for (at minimum) arbitrary code execution on the guest kernel, by way of arbitrary read+write.
I can't access the NIST site right now, but here's a cache: http://188.8.131.52/search?q=cache:2DcOTGcDJ6EJ:web.nvd....
"Buffer overflow in the perf_copy_attr function in kernel/perf_counter.c in the Linux kernel 2.6.31-rc1 allows local users to cause a denial of service (crash) via a "big size data" to the perf_counter_open system call."
All mentions of a CVSS for the vulnerability use the original metric from when it was declared a DoS only.
Public exploits shouldn't be required for obvious vulnerabilities to be classified properly.