Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2013-3076
Vulnerability from cvelistv5
Published
2013-04-22 10:00
Modified
2024-08-06 16:00
Severity ?
EPSS score ?
Summary
The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:00:09.757Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2013:1187",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"
},
{
"name": "FEDORA-2013-6537",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html"
},
{
"name": "FEDORA-2013-6999",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html"
},
{
"name": "USN-1837-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1837-1"
},
{
"name": "[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/14/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/72a763d805a48ac8c0bf48fdb510e84c12de51fe"
},
{
"name": "SUSE-SU-2013:1182",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-28T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2013:1187",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"
},
{
"name": "FEDORA-2013-6537",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html"
},
{
"name": "FEDORA-2013-6999",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html"
},
{
"name": "USN-1837-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1837-1"
},
{
"name": "[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/04/14/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/72a763d805a48ac8c0bf48fdb510e84c12de51fe"
},
{
"name": "SUSE-SU-2013:1182",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:1187",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"
},
{
"name": "FEDORA-2013-6537",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html"
},
{
"name": "FEDORA-2013-6999",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html"
},
{
"name": "USN-1837-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1837-1"
},
{
"name": "[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/04/14/3"
},
{
"name": "https://github.com/torvalds/linux/commit/72a763d805a48ac8c0bf48fdb510e84c12de51fe",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/72a763d805a48ac8c0bf48fdb510e84c12de51fe"
},
{
"name": "SUSE-SU-2013:1182",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3076",
"datePublished": "2013-04-22T10:00:00",
"dateReserved": "2013-04-15T00:00:00",
"dateUpdated": "2024-08-06T16:00:09.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2013-3076\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2013-04-22T11:40:59.133\",\"lastModified\":\"2024-11-21T01:52:57.333\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.\"},{\"lang\":\"es\",\"value\":\"La API crypto en el kernel de Linux hasta v3.9-rc8 no inicializa cierta longitud de variables, permitiendo a usuarios locales obtener informaci\u00f3n sensible desde la pila del kernel mediante una syscall recvmsg o recvfrom especialmente dise\u00f1ada, relacionado con la funci\u00f3n hash_recvmsg en crypto/algif_hash.c y la funci\u00f3n skcipher_recvmsg en crypto/algif_skcipher.c.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:N/A:N\",\"baseScore\":4.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:rc7:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.9\",\"matchCriteriaId\":\"10A36153-A19D-4D19-A186-4B181C6304F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"42633FF9-FB0C-4095-B4A1-8D623A98683B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"08C04619-89A2-4B15-82A2-48BCC662C1F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B039196-7159-476C-876A-C61242CC41DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A9E0457-53C9-44DD-ACFB-31EE1D1E060E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.9:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEE406E7-87BA-44BA-BF61-673E6CC44A2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:3.9:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"29FBA173-658F-45DC-8205-934CACD67166\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2013/04/14/3\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1837-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/torvalds/linux/commit/72a763d805a48ac8c0bf48fdb510e84c12de51fe\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2013/04/14/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1837-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/torvalds/linux/commit/72a763d805a48ac8c0bf48fdb510e84c12de51fe\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
gsd-2013-3076
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2013-3076",
"description": "The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.",
"id": "GSD-2013-3076",
"references": [
"https://www.suse.com/security/cve/CVE-2013-3076.html",
"https://www.debian.org/security/2013/dsa-2669",
"https://access.redhat.com/errata/RHSA-2013:0829",
"https://linux.oracle.com/cve/CVE-2013-3076.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2013-3076"
],
"details": "The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.",
"id": "GSD-2013-3076",
"modified": "2023-12-13T01:22:22.632116Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:1187",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"
},
{
"name": "FEDORA-2013-6537",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html"
},
{
"name": "FEDORA-2013-6999",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html"
},
{
"name": "USN-1837-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1837-1"
},
{
"name": "[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/04/14/3"
},
{
"name": "https://github.com/torvalds/linux/commit/72a763d805a48ac8c0bf48fdb510e84c12de51fe",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/72a763d805a48ac8c0bf48fdb510e84c12de51fe"
},
{
"name": "SUSE-SU-2013:1182",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.9:rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.9:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.9:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.9:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.9:rc6:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:3.9:rc5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:rc7:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.9",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3076"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/72a763d805a48ac8c0bf48fdb510e84c12de51fe",
"refsource": "CONFIRM",
"tags": [],
"url": "https://github.com/torvalds/linux/commit/72a763d805a48ac8c0bf48fdb510e84c12de51fe"
},
{
"name": "[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9",
"refsource": "MLIST",
"tags": [],
"url": "http://www.openwall.com/lists/oss-security/2013/04/14/3"
},
{
"name": "USN-1837-1",
"refsource": "UBUNTU",
"tags": [],
"url": "http://www.ubuntu.com/usn/USN-1837-1"
},
{
"name": "openSUSE-SU-2013:1187",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"
},
{
"name": "FEDORA-2013-6537",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html"
},
{
"name": "FEDORA-2013-6999",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html"
},
{
"name": "SUSE-SU-2013:1182",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2017-11-29T02:29Z",
"publishedDate": "2013-04-22T11:40Z"
}
}
}
ghsa-37h3-2fhg-m9qh
Vulnerability from github
Published
2022-05-17 00:20
Modified
2022-05-17 00:20
Details
The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.
{
"affected": [],
"aliases": [
"CVE-2013-3076"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-04-22T11:40:00Z",
"severity": "MODERATE"
},
"details": "The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.",
"id": "GHSA-37h3-2fhg-m9qh",
"modified": "2022-05-17T00:20:52Z",
"published": "2022-05-17T00:20:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3076"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/72a763d805a48ac8c0bf48fdb510e84c12de51fe"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2013/04/14/3"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-1837-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
rhsa-2013_0829
Vulnerability from csaf_redhat
Published
2013-05-20 16:44
Modified
2024-11-22 07:41
Summary
Red Hat Security Advisory: kernel-rt security and bug fix update
Notes
Topic
Updated kernel-rt packages that fix several security issues and multiple
bugs are now available for Red Hat Enterprise MRG 2.3.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
Security fixes:
* It was found that the kernel-rt update RHBA-2012:0044 introduced an
integer conversion issue in the Linux kernel's Performance Events
implementation. This led to a user-supplied index into the
perf_swevent_enabled array not being validated properly, resulting in
out-of-bounds kernel memory access. A local, unprivileged user could use
this flaw to escalate their privileges. (CVE-2013-2094, Important)
A public exploit for CVE-2013-2094 that affects Red Hat Enterprise MRG 2 is
available. Refer to Red Hat Knowledge Solution 373743, linked to in the
References, for further information and mitigation instructions for users
who are unable to immediately apply this update.
* An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way the Intel i915 driver in the Linux kernel handled the
allocation of the buffer used for relocation copies. A local user with
console access could use this flaw to cause a denial of service or escalate
their privileges. (CVE-2013-0913, Important)
* It was found that the Linux kernel used effective user and group IDs
instead of real ones when passing messages with SCM_CREDENTIALS ancillary
data. A local, unprivileged user could leverage this flaw with a set user
ID (setuid) application, allowing them to escalate their privileges.
(CVE-2013-1979, Important)
* A race condition in install_user_keyrings(), leading to a NULL pointer
dereference, was found in the key management facility. A local,
unprivileged user could use this flaw to cause a denial of service.
(CVE-2013-1792, Moderate)
* A NULL pointer dereference flaw was found in the Linux kernel's XFS file
system implementation. A local user who is able to mount an XFS file
system could use this flaw to cause a denial of service. (CVE-2013-1819,
Moderate)
* An information leak was found in the Linux kernel's POSIX signals
implementation. A local, unprivileged user could use this flaw to bypass
the Address Space Layout Randomization (ASLR) security feature.
(CVE-2013-0914, Low)
* A use-after-free flaw was found in the tmpfs implementation. A local user
able to mount and unmount a tmpfs file system could use this flaw to cause
a denial of service or, potentially, escalate their privileges.
(CVE-2013-1767, Low)
* A NULL pointer dereference flaw was found in the Linux kernel's USB
Inside Out Edgeport Serial Driver implementation. A local user with
physical access to a system and with access to a USB device's tty file
could use this flaw to cause a denial of service. (CVE-2013-1774, Low)
* A format string flaw was found in the ext3_msg() function in the Linux
kernel's ext3 file system implementation. A local user who is able to
mount an ext3 file system could use this flaw to cause a denial of service
or, potentially, escalate their privileges. (CVE-2013-1848, Low)
* A heap-based buffer overflow flaw was found in the Linux kernel's
cdc-wdm driver, used for USB CDC WCM device management. An attacker with
physical access to a system could use this flaw to cause a denial of
service or, potentially, escalate their privileges. (CVE-2013-1860, Low)
* A heap-based buffer overflow in the way the tg3 Ethernet driver parsed
the vital product data (VPD) of devices could allow an attacker with
physical access to a system to cause a denial of service or, potentially,
escalate their privileges. (CVE-2013-1929, Low)
* Information leaks in the Linux kernel's cryptographic API could allow a
local user who has the CAP_NET_ADMIN capability to leak kernel stack memory
to user-space. (CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, Low)
* Information leaks in the Linux kernel could allow a local, unprivileged
user to leak kernel stack memory to user-space. (CVE-2013-2634,
CVE-2013-2635, CVE-2013-3076, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225,
CVE-2013-3231, Low)
Red Hat would like to thank Andy Lutomirski for reporting CVE-2013-1979.
CVE-2013-1792 was discovered by Mateusz Guzik of Red Hat EMEA GSS SEG Team.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated kernel-rt packages that fix several security issues and multiple\nbugs are now available for Red Hat Enterprise MRG 2.3.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Security fixes:\n\n* It was found that the kernel-rt update RHBA-2012:0044 introduced an\ninteger conversion issue in the Linux kernel\u0027s Performance Events\nimplementation. This led to a user-supplied index into the\nperf_swevent_enabled array not being validated properly, resulting in\nout-of-bounds kernel memory access. A local, unprivileged user could use\nthis flaw to escalate their privileges. (CVE-2013-2094, Important)\n\nA public exploit for CVE-2013-2094 that affects Red Hat Enterprise MRG 2 is\navailable. Refer to Red Hat Knowledge Solution 373743, linked to in the\nReferences, for further information and mitigation instructions for users\nwho are unable to immediately apply this update.\n\n* An integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in the way the Intel i915 driver in the Linux kernel handled the\nallocation of the buffer used for relocation copies. A local user with\nconsole access could use this flaw to cause a denial of service or escalate\ntheir privileges. (CVE-2013-0913, Important)\n\n* It was found that the Linux kernel used effective user and group IDs\ninstead of real ones when passing messages with SCM_CREDENTIALS ancillary\ndata. A local, unprivileged user could leverage this flaw with a set user\nID (setuid) application, allowing them to escalate their privileges.\n(CVE-2013-1979, Important)\n\n* A race condition in install_user_keyrings(), leading to a NULL pointer\ndereference, was found in the key management facility. A local,\nunprivileged user could use this flaw to cause a denial of service.\n(CVE-2013-1792, Moderate)\n\n* A NULL pointer dereference flaw was found in the Linux kernel\u0027s XFS file\nsystem implementation. A local user who is able to mount an XFS file\nsystem could use this flaw to cause a denial of service. (CVE-2013-1819,\nModerate)\n\n* An information leak was found in the Linux kernel\u0027s POSIX signals\nimplementation. A local, unprivileged user could use this flaw to bypass\nthe Address Space Layout Randomization (ASLR) security feature.\n(CVE-2013-0914, Low)\n\n* A use-after-free flaw was found in the tmpfs implementation. A local user\nable to mount and unmount a tmpfs file system could use this flaw to cause\na denial of service or, potentially, escalate their privileges.\n(CVE-2013-1767, Low)\n\n* A NULL pointer dereference flaw was found in the Linux kernel\u0027s USB\nInside Out Edgeport Serial Driver implementation. A local user with\nphysical access to a system and with access to a USB device\u0027s tty file\ncould use this flaw to cause a denial of service. (CVE-2013-1774, Low)\n\n* A format string flaw was found in the ext3_msg() function in the Linux\nkernel\u0027s ext3 file system implementation. A local user who is able to\nmount an ext3 file system could use this flaw to cause a denial of service\nor, potentially, escalate their privileges. (CVE-2013-1848, Low)\n\n* A heap-based buffer overflow flaw was found in the Linux kernel\u0027s\ncdc-wdm driver, used for USB CDC WCM device management. An attacker with\nphysical access to a system could use this flaw to cause a denial of\nservice or, potentially, escalate their privileges. (CVE-2013-1860, Low)\n\n* A heap-based buffer overflow in the way the tg3 Ethernet driver parsed\nthe vital product data (VPD) of devices could allow an attacker with\nphysical access to a system to cause a denial of service or, potentially,\nescalate their privileges. (CVE-2013-1929, Low)\n\n* Information leaks in the Linux kernel\u0027s cryptographic API could allow a\nlocal user who has the CAP_NET_ADMIN capability to leak kernel stack memory\nto user-space. (CVE-2013-2546, CVE-2013-2547, CVE-2013-2548, Low)\n\n* Information leaks in the Linux kernel could allow a local, unprivileged\nuser to leak kernel stack memory to user-space. (CVE-2013-2634,\nCVE-2013-2635, CVE-2013-3076, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225,\nCVE-2013-3231, Low)\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2013-1979.\nCVE-2013-1792 was discovered by Mateusz Guzik of Red Hat EMEA GSS SEG Team.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2013:0829",
"url": "https://access.redhat.com/errata/RHSA-2013:0829"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/solutions/373743",
"url": "https://access.redhat.com/site/solutions/373743"
},
{
"category": "external",
"summary": "https://rhn.redhat.com/errata/RHBA-2012-0044.html",
"url": "https://rhn.redhat.com/errata/RHBA-2012-0044.html"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/RHSA-2013-0829.html",
"url": "https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_MRG/2/html/Technical_Notes/RHSA-2013-0829.html"
},
{
"category": "external",
"summary": "915592",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915592"
},
{
"category": "external",
"summary": "916191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916191"
},
{
"category": "external",
"summary": "916646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916646"
},
{
"category": "external",
"summary": "918009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918009"
},
{
"category": "external",
"summary": "918098",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918098"
},
{
"category": "external",
"summary": "918512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918512"
},
{
"category": "external",
"summary": "920471",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=920471"
},
{
"category": "external",
"summary": "920499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=920499"
},
{
"category": "external",
"summary": "920783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=920783"
},
{
"category": "external",
"summary": "921970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=921970"
},
{
"category": "external",
"summary": "924689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=924689"
},
{
"category": "external",
"summary": "924690",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=924690"
},
{
"category": "external",
"summary": "927026",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=927026"
},
{
"category": "external",
"summary": "949932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=949932"
},
{
"category": "external",
"summary": "955216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=955216"
},
{
"category": "external",
"summary": "955599",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=955599"
},
{
"category": "external",
"summary": "955629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=955629"
},
{
"category": "external",
"summary": "955649",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=955649"
},
{
"category": "external",
"summary": "956094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=956094"
},
{
"category": "external",
"summary": "956162",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=956162"
},
{
"category": "external",
"summary": "962792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=962792"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0829.json"
}
],
"title": "Red Hat Security Advisory: kernel-rt security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T07:41:23+00:00",
"generator": {
"date": "2024-11-22T07:41:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2013:0829",
"initial_release_date": "2013-05-20T16:44:00+00:00",
"revision_history": [
{
"date": "2013-05-20T16:44:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2013-05-20T16:47:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T07:41:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat MRG Realtime for RHEL 6 Server v.2",
"product": {
"name": "Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise MRG for RHEL-6"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product": {
"name": "kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_id": "kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-vanilla-devel@3.6.11.2-rt33.39.el6rt?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product": {
"name": "kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_id": "kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-vanilla@3.6.11.2-rt33.39.el6rt?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product": {
"name": "kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_id": "kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo-common-x86_64@3.6.11.2-rt33.39.el6rt?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product": {
"name": "kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_id": "kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-debuginfo@3.6.11.2-rt33.39.el6rt?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product": {
"name": "kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_id": "kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debuginfo@3.6.11.2-rt33.39.el6rt?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product": {
"name": "kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_id": "kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace@3.6.11.2-rt33.39.el6rt?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product": {
"name": "kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_id": "kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-debuginfo@3.6.11.2-rt33.39.el6rt?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product": {
"name": "kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_id": "kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@3.6.11.2-rt33.39.el6rt?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product": {
"name": "kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_id": "kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-devel@3.6.11.2-rt33.39.el6rt?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product": {
"name": "kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_id": "kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug@3.6.11.2-rt33.39.el6rt?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product": {
"name": "kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_id": "kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-vanilla-debuginfo@3.6.11.2-rt33.39.el6rt?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product": {
"name": "kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_id": "kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-trace-devel@3.6.11.2-rt33.39.el6rt?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product": {
"name": "kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_id": "kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-debug-devel@3.6.11.2-rt33.39.el6rt?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"product": {
"name": "kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"product_id": "kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-doc@3.6.11.2-rt33.39.el6rt?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"product": {
"name": "kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"product_id": "kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt-firmware@3.6.11.2-rt33.39.el6rt?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch",
"product": {
"name": "mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch",
"product_id": "mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mrg-rt-release@3.6.11.2-rt33.39.el6rt?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"product": {
"name": "kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"product_id": "kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-rt@3.6.11.2-rt33.39.el6rt?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:3.6.11.2-rt33.39.el6rt.src as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src"
},
"product_reference": "kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64"
},
"product_reference": "kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64"
},
"product_reference": "kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64"
},
"product_reference": "kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64"
},
"product_reference": "kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64"
},
"product_reference": "kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64"
},
"product_reference": "kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64"
},
"product_reference": "kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch"
},
"product_reference": "kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch"
},
"product_reference": "kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64"
},
"product_reference": "kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64"
},
"product_reference": "kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64"
},
"product_reference": "kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64"
},
"product_reference": "kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64"
},
"product_reference": "kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64 as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64"
},
"product_reference": "kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch as a component of Red Hat MRG Realtime for RHEL 6 Server v.2",
"product_id": "6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
},
"product_reference": "mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch",
"relates_to_product_reference": "6Server-MRG-Realtime-2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0913",
"discovery_date": "2013-03-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "920471"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Kernel: drm/i915: heap writing overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5.\n\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0913"
},
{
"category": "external",
"summary": "RHBZ#920471",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=920471"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0913"
}
],
"release_date": "2013-03-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-05-20T16:44:00+00:00",
"details": "This update also fixes multiple bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix\nthe bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system\nmust be rebooted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not\nuse \"rpm -Uvh\" as that will remove the running kernel binaries from\nyour system. You may use \"rpm -e\" to remove old kernels after\ndetermining that the new kernel functions properly on your system.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0829"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Kernel: drm/i915: heap writing overflow"
},
{
"cve": "CVE-2013-0914",
"discovery_date": "2013-03-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "920499"
}
],
"notes": [
{
"category": "description",
"text": "The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Kernel: sa_restorer information leak",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-0914"
},
{
"category": "external",
"summary": "RHBZ#920499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=920499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-0914",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0914"
}
],
"release_date": "2013-03-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-05-20T16:44:00+00:00",
"details": "This update also fixes multiple bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix\nthe bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system\nmust be rebooted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not\nuse \"rpm -Uvh\" as that will remove the running kernel binaries from\nyour system. You may use \"rpm -e\" to remove old kernels after\ndetermining that the new kernel functions properly on your system.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0829"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Kernel: sa_restorer information leak"
},
{
"cve": "CVE-2013-1767",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2013-02-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "915592"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Kernel: tmpfs: fix use-after-free of mempolicy object",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5.\n\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1767"
},
{
"category": "external",
"summary": "RHBZ#915592",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=915592"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1767"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1767",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1767"
}
],
"release_date": "2013-02-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-05-20T16:44:00+00:00",
"details": "This update also fixes multiple bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix\nthe bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system\nmust be rebooted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not\nuse \"rpm -Uvh\" as that will remove the running kernel binaries from\nyour system. You may use \"rpm -e\" to remove old kernels after\ndetermining that the new kernel functions properly on your system.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0829"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Kernel: tmpfs: fix use-after-free of mempolicy object"
},
{
"cve": "CVE-2013-1774",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2013-01-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "916191"
}
],
"notes": [
{
"category": "description",
"text": "The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Kernel: USB io_ti driver NULL pointer dereference in routine chase_port",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5.\n\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1774"
},
{
"category": "external",
"summary": "RHBZ#916191",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916191"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1774",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1774"
}
],
"release_date": "2013-01-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-05-20T16:44:00+00:00",
"details": "This update also fixes multiple bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix\nthe bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system\nmust be rebooted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not\nuse \"rpm -Uvh\" as that will remove the running kernel binaries from\nyour system. You may use \"rpm -e\" to remove old kernels after\ndetermining that the new kernel functions properly on your system.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0829"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 3.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:H/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Kernel: USB io_ti driver NULL pointer dereference in routine chase_port"
},
{
"acknowledgments": [
{
"names": [
"Mateusz Guzik"
],
"organization": "Red Hat EMEA GSS SEG Team",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2013-1792",
"discovery_date": "2013-02-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "916646"
}
],
"notes": [
{
"category": "description",
"text": "Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Kernel: keys: race condition in install_user_keyrings()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5.\n\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1792"
},
{
"category": "external",
"summary": "RHBZ#916646",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916646"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1792",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1792"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1792",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1792"
}
],
"release_date": "2013-03-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-05-20T16:44:00+00:00",
"details": "This update also fixes multiple bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix\nthe bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system\nmust be rebooted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not\nuse \"rpm -Uvh\" as that will remove the running kernel binaries from\nyour system. You may use \"rpm -e\" to remove old kernels after\ndetermining that the new kernel functions properly on your system.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0829"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Kernel: keys: race condition in install_user_keyrings()"
},
{
"cve": "CVE-2013-1819",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2013-01-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "918009"
}
],
"notes": [
{
"category": "description",
"text": "The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the ability to mount an XFS filesystem containing a metadata inode with an invalid extent map.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: xfs: _xfs_buf_find oops on blocks beyond the filesystem end",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5.\n\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Due to it\u0027s limited impact, this issue is not currently planned to be addressed in Red Hat Enterprise Linux 6.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1819"
},
{
"category": "external",
"summary": "RHBZ#918009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1819",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1819"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1819",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1819"
}
],
"release_date": "2013-01-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-05-20T16:44:00+00:00",
"details": "This update also fixes multiple bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix\nthe bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system\nmust be rebooted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not\nuse \"rpm -Uvh\" as that will remove the running kernel binaries from\nyour system. You may use \"rpm -e\" to remove old kernels after\ndetermining that the new kernel functions properly on your system.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0829"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 3.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:H/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: xfs: _xfs_buf_find oops on blocks beyond the filesystem end"
},
{
"cve": "CVE-2013-1848",
"discovery_date": "2013-03-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "920783"
}
],
"notes": [
{
"category": "description",
"text": "fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect arguments to functions in certain circumstances related to printk input, which allows local users to conduct format-string attacks and possibly gain privileges via a crafted application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: ext3: format string issues",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5 because it did not backport the commit 4cf46b67eb that introduced this issue.\n\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1848"
},
{
"category": "external",
"summary": "RHBZ#920783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=920783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1848",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1848"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1848",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1848"
}
],
"release_date": "2013-03-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-05-20T16:44:00+00:00",
"details": "This update also fixes multiple bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix\nthe bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system\nmust be rebooted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not\nuse \"rpm -Uvh\" as that will remove the running kernel binaries from\nyour system. You may use \"rpm -e\" to remove old kernels after\ndetermining that the new kernel functions properly on your system.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0829"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: ext3: format string issues"
},
{
"cve": "CVE-2013-1860",
"discovery_date": "2013-03-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "921970"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: usb: cdc-wdm buffer overflow triggered by device",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the version of the kernel package as shipped with\nRed Hat Enterprise Linux 5.\n\nThis issue affects the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates\nfor Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this\nissue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1860"
},
{
"category": "external",
"summary": "RHBZ#921970",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=921970"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1860",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1860"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1860",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1860"
}
],
"release_date": "2013-03-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-05-20T16:44:00+00:00",
"details": "This update also fixes multiple bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix\nthe bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system\nmust be rebooted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not\nuse \"rpm -Uvh\" as that will remove the running kernel binaries from\nyour system. You may use \"rpm -e\" to remove old kernels after\ndetermining that the new kernel functions properly on your system.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0829"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: usb: cdc-wdm buffer overflow triggered by device"
},
{
"cve": "CVE-2013-1929",
"discovery_date": "2013-04-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "949932"
}
],
"notes": [
{
"category": "description",
"text": "Heap-based buffer overflow in the tg3_read_vpd function in drivers/net/ethernet/broadcom/tg3.c in the Linux kernel before 3.8.6 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via crafted firmware that specifies a long string in the Vital Product Data (VPD) data structure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Kernel: tg3: buffer overflow in VPD firmware parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\n\nThe Red Hat Security Response Team has rated this issue as having low security \nimpact because physical access is needed to exploit this issue. Future kernel \nupdates for Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 may \naddress this issue. For additional information, refer to the Issue Severity \nClassification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1929"
},
{
"category": "external",
"summary": "RHBZ#949932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=949932"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1929",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1929"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1929",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1929"
}
],
"release_date": "2013-03-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-05-20T16:44:00+00:00",
"details": "This update also fixes multiple bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix\nthe bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system\nmust be rebooted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not\nuse \"rpm -Uvh\" as that will remove the running kernel binaries from\nyour system. You may use \"rpm -e\" to remove old kernels after\ndetermining that the new kernel functions properly on your system.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0829"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Kernel: tg3: buffer overflow in VPD firmware parsing"
},
{
"acknowledgments": [
{
"names": [
"Andy Lutomirski"
]
}
],
"cve": "CVE-2013-1979",
"discovery_date": "2013-04-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "955629"
}
],
"notes": [
{
"category": "description",
"text": "The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: net: incorrect SCM_CREDENTIALS passing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6.\n\nThis issue was addressed in Red Hat Enterprise MRG 2 via RHSA-2013:0829 https://rhn.redhat.com/errata/RHSA-2013-0829.html",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-1979"
},
{
"category": "external",
"summary": "RHBZ#955629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=955629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-1979",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1979"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-1979",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1979"
}
],
"release_date": "2013-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-05-20T16:44:00+00:00",
"details": "This update also fixes multiple bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix\nthe bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system\nmust be rebooted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not\nuse \"rpm -Uvh\" as that will remove the running kernel binaries from\nyour system. You may use \"rpm -e\" to remove old kernels after\ndetermining that the new kernel functions properly on your system.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0829"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: net: incorrect SCM_CREDENTIALS passing"
},
{
"cve": "CVE-2013-2094",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2013-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "962792"
}
],
"notes": [
{
"category": "description",
"text": "The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: perf_swevent_enabled array out-of-bound access",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the kernel packages as shipped with Red Hat Enterprise Linux 5 because we did not backport upstream commit b0a873eb that introduced this issue.\n\nThis issue was addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0830 (https://rhn.redhat.com/errata/RHSA-2013-0830.html), Red Hat Enterprise Linux 6.1 Extended update support via RHSA-2013:0841 (https://rhn.redhat.com/errata/RHSA-2013-0841.html), Red Hat Enterprise Linux 6.2 Extended update support via RHSA-2013:0840 (https://rhn.redhat.com/errata/RHSA-2013-0840.html), Red Hat Enterprise Linux 6.3 Extended Update Support via RHSA-2013:0832 (https://rhn.redhat.com/errata/RHSA-2013-0832.html), and Red Hat Enterprise MRG 2 via RHSA-2013:0829 (https://rhn.redhat.com/errata/RHSA-2013-0829.html).\n\nRed Hat Enterprise Linux 6.0 was not affected by this flaw.\n\nRefer to https://access.redhat.com/site/solutions/373743 for further information.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2094"
},
{
"category": "external",
"summary": "RHBZ#962792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=962792"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2094",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2094"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2094",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2094"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2013-05-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-05-20T16:44:00+00:00",
"details": "This update also fixes multiple bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix\nthe bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system\nmust be rebooted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not\nuse \"rpm -Uvh\" as that will remove the running kernel binaries from\nyour system. You may use \"rpm -e\" to remove old kernels after\ndetermining that the new kernel functions properly on your system.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0829"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-09-15T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: perf_swevent_enabled array out-of-bound access"
},
{
"cve": "CVE-2013-2546",
"discovery_date": "2013-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "918512"
}
],
"notes": [
{
"category": "description",
"text": "The report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect C library function for copying strings, which allows local users to obtain sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: crypto: info leaks in report API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "These issues do not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. \n\nThese issues do affect the version of Linux kernel as shipped with Red Hat\nEnterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address\nthis issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2546"
},
{
"category": "external",
"summary": "RHBZ#918512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2546",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2546"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2546",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2546"
}
],
"release_date": "2013-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-05-20T16:44:00+00:00",
"details": "This update also fixes multiple bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix\nthe bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system\nmust be rebooted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not\nuse \"rpm -Uvh\" as that will remove the running kernel binaries from\nyour system. You may use \"rpm -e\" to remove old kernels after\ndetermining that the new kernel functions properly on your system.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0829"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 1.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: crypto: info leaks in report API"
},
{
"cve": "CVE-2013-2547",
"discovery_date": "2013-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "918512"
}
],
"notes": [
{
"category": "description",
"text": "The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 does not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: crypto: info leaks in report API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "These issues do not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. \n\nThese issues do affect the version of Linux kernel as shipped with Red Hat\nEnterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address\nthis issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2547"
},
{
"category": "external",
"summary": "RHBZ#918512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2547",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2547"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2547",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2547"
}
],
"release_date": "2013-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-05-20T16:44:00+00:00",
"details": "This update also fixes multiple bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix\nthe bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system\nmust be rebooted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not\nuse \"rpm -Uvh\" as that will remove the running kernel binaries from\nyour system. You may use \"rpm -e\" to remove old kernels after\ndetermining that the new kernel functions properly on your system.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0829"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 1.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: crypto: info leaks in report API"
},
{
"cve": "CVE-2013-2548",
"discovery_date": "2013-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "918512"
}
],
"notes": [
{
"category": "description",
"text": "The crypto_report_one function in crypto/crypto_user.c in the report API in the crypto user configuration API in the Linux kernel through 3.8.2 uses an incorrect length value during a copy operation, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: crypto: info leaks in report API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "These issues do not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. \n\nThese issues do affect the version of Linux kernel as shipped with Red Hat\nEnterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address\nthis issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2548"
},
{
"category": "external",
"summary": "RHBZ#918512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=918512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2548",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2548"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2548",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2548"
}
],
"release_date": "2013-02-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-05-20T16:44:00+00:00",
"details": "This update also fixes multiple bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix\nthe bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system\nmust be rebooted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not\nuse \"rpm -Uvh\" as that will remove the running kernel binaries from\nyour system. You may use \"rpm -e\" to remove old kernels after\ndetermining that the new kernel functions properly on your system.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0829"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 1.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: crypto: info leaks in report API"
},
{
"cve": "CVE-2013-2634",
"discovery_date": "2013-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "924689"
}
],
"notes": [
{
"category": "description",
"text": "net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Information leak in the Data Center Bridging (DCB) component",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the version of the kernel package as shipped with\nRed Hat Enterprise Linux 5.\n\nThis issue does affect the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates\nfor Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this\nissue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2634"
},
{
"category": "external",
"summary": "RHBZ#924689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=924689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2634",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2634"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2634",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2634"
}
],
"release_date": "2013-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-05-20T16:44:00+00:00",
"details": "This update also fixes multiple bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix\nthe bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system\nmust be rebooted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not\nuse \"rpm -Uvh\" as that will remove the running kernel binaries from\nyour system. You may use \"rpm -e\" to remove old kernels after\ndetermining that the new kernel functions properly on your system.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0829"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: Information leak in the Data Center Bridging (DCB) component"
},
{
"cve": "CVE-2013-2635",
"discovery_date": "2013-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "924690"
}
],
"notes": [
{
"category": "description",
"text": "The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Information leak in the RTNETLINK component",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the version of the kernel package as shipped with\nRed Hat Enterprise Linux 5.\n\nThis issue does affect the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates\nfor Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this\nissue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-2635"
},
{
"category": "external",
"summary": "RHBZ#924690",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=924690"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-2635",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2635"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-2635",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2635"
}
],
"release_date": "2013-03-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-05-20T16:44:00+00:00",
"details": "This update also fixes multiple bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix\nthe bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system\nmust be rebooted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not\nuse \"rpm -Uvh\" as that will remove the running kernel binaries from\nyour system. You may use \"rpm -e\" to remove old kernels after\ndetermining that the new kernel functions properly on your system.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0829"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: Information leak in the RTNETLINK component"
},
{
"cve": "CVE-2013-3076",
"discovery_date": "2013-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "956162"
}
],
"notes": [
{
"category": "description",
"text": "The crypto API in the Linux kernel through 3.9-rc8 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call, related to the hash_recvmsg function in crypto/algif_hash.c and the skcipher_recvmsg function in crypto/algif_skcipher.c.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Kernel: crypto: algif - suppress sending source address information in recvmsg",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\n\nThis issue affects the version of the kernel package as shipped with\nRed Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2\nmay address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-3076"
},
{
"category": "external",
"summary": "RHBZ#956162",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=956162"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-3076",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-3076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3076"
}
],
"release_date": "2013-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-05-20T16:44:00+00:00",
"details": "This update also fixes multiple bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix\nthe bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system\nmust be rebooted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not\nuse \"rpm -Uvh\" as that will remove the running kernel binaries from\nyour system. You may use \"rpm -e\" to remove old kernels after\ndetermining that the new kernel functions properly on your system.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0829"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Kernel: crypto: algif - suppress sending source address information in recvmsg"
},
{
"cve": "CVE-2013-3222",
"discovery_date": "2013-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "955216"
}
],
"notes": [
{
"category": "description",
"text": "The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Kernel: atm: update msg_namelen in vcc_recvmsg()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future kernel\nupdates for Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 may\naddress this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-3222"
},
{
"category": "external",
"summary": "RHBZ#955216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=955216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-3222",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3222"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-3222",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3222"
}
],
"release_date": "2013-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-05-20T16:44:00+00:00",
"details": "This update also fixes multiple bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix\nthe bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system\nmust be rebooted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not\nuse \"rpm -Uvh\" as that will remove the running kernel binaries from\nyour system. You may use \"rpm -e\" to remove old kernels after\ndetermining that the new kernel functions properly on your system.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0829"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Kernel: atm: update msg_namelen in vcc_recvmsg()"
},
{
"cve": "CVE-2013-3224",
"discovery_date": "2013-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "955599"
}
],
"notes": [
{
"category": "description",
"text": "The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Kernel: Bluetooth: possible info leak in bt_sock_recvmsg()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future kernel\nupdates for Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 may\naddress this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-3224"
},
{
"category": "external",
"summary": "RHBZ#955599",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=955599"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-3224",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3224"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-3224",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3224"
}
],
"release_date": "2013-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-05-20T16:44:00+00:00",
"details": "This update also fixes multiple bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix\nthe bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system\nmust be rebooted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not\nuse \"rpm -Uvh\" as that will remove the running kernel binaries from\nyour system. You may use \"rpm -e\" to remove old kernels after\ndetermining that the new kernel functions properly on your system.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0829"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Kernel: Bluetooth: possible info leak in bt_sock_recvmsg()"
},
{
"cve": "CVE-2013-3225",
"discovery_date": "2013-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "955649"
}
],
"notes": [
{
"category": "description",
"text": "The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Kernel: Bluetooth: RFCOMM - missing msg_namelen update in rfcomm_sock_recvmsg",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the version of the kernel package as shipped with\nRed Hat Enterprise Linux 5.\n\nThis issue affects the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates\nfor Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this\nissue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-3225"
},
{
"category": "external",
"summary": "RHBZ#955649",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=955649"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-3225",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3225"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-3225",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3225"
}
],
"release_date": "2013-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-05-20T16:44:00+00:00",
"details": "This update also fixes multiple bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix\nthe bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system\nmust be rebooted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not\nuse \"rpm -Uvh\" as that will remove the running kernel binaries from\nyour system. You may use \"rpm -e\" to remove old kernels after\ndetermining that the new kernel functions properly on your system.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0829"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Kernel: Bluetooth: RFCOMM - missing msg_namelen update in rfcomm_sock_recvmsg"
},
{
"cve": "CVE-2013-3231",
"discovery_date": "2013-04-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "956094"
}
],
"notes": [
{
"category": "description",
"text": "The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Kernel: llc: Fix missing msg_namelen update in llc_ui_recvmsg",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. Future kernel\nupdates for Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2 may\naddress this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2013-3231"
},
{
"category": "external",
"summary": "RHBZ#956094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=956094"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2013-3231",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3231"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-3231",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3231"
}
],
"release_date": "2013-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2013-05-20T16:44:00+00:00",
"details": "This update also fixes multiple bugs. Documentation for these changes will\nbe available shortly from the Technical Notes document linked to in the\nReferences section.\n\nUsers should upgrade to these updated packages, which upgrade the kernel-rt\nkernel to version kernel-rt-3.6.11.2-rt33, correct these issues, and fix\nthe bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system\nmust be rebooted for this update to take effect.\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\nTo install kernel packages manually, use \"rpm -ivh [package]\". Do not\nuse \"rpm -Uvh\" as that will remove the running kernel binaries from\nyour system. You may use \"rpm -e\" to remove old kernels after\ndetermining that the new kernel functions properly on your system.",
"product_ids": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2013:0829"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.src",
"6Server-MRG-Realtime-2:kernel-rt-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debug-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-debuginfo-common-x86_64-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-doc-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-firmware-0:3.6.11.2-rt33.39.el6rt.noarch",
"6Server-MRG-Realtime-2:kernel-rt-trace-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-trace-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-debuginfo-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:kernel-rt-vanilla-devel-0:3.6.11.2-rt33.39.el6rt.x86_64",
"6Server-MRG-Realtime-2:mrg-rt-release-0:3.6.11.2-rt33.39.el6rt.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Kernel: llc: Fix missing msg_namelen update in llc_ui_recvmsg"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.