{
  "threat_severity" : "Low",
  "public_date" : "2012-10-09T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: uts: stack memory leak in UNAME26",
    "id" : "862877",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=862877"
  },
  "cvss" : {
    "cvss_base_score" : "2.1",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-401",
  "details" : [ "The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality." ],
  "statement" : "This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5.\nThis issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6.\nThis issue did affect the version of Linux kernel as shipped with Red Hat Enterprise MRG 2.",
  "acknowledgement" : "Red Hat would like to thank Kees Cook for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2012-12-04T00:00:00Z",
    "advisory" : "RHSA-2012:1491",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-0:3.2.33-rt50.66.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2012-0957\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-0957" ],
  "name" : "CVE-2012-0957",
  "csaw" : false
}