{ "threat_severity" : "Important", "public_date" : "2012-10-23T00:00:00Z", "bugzilla" : { "description" : "kernel: ext4: AIO vs fallocate stale data exposure", "id" : "869904", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=869904" }, "cvss" : { "cvss_base_score" : "4.9", "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:C/I:N/A:N", "status" : "verified" }, "details" : [ "Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from a deleted file by reading an extent that was not properly marked as uninitialized." ], "acknowledgement" : "Red Hat would like to thank Theodore Ts'o for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2012-12-04T00:00:00Z", "advisory" : "RHSA-2012:1540", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "kernel-0:2.6.18-308.24.1.el5" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2013-02-20T00:00:00Z", "advisory" : "RHSA-2013:0496", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "kernel-0:2.6.32-358.el6" }, { "product_name" : "Red Hat Enterprise Linux 6.2 EUS - Server and Compute Node Only", "release_date" : "2013-11-13T00:00:00Z", "advisory" : "RHSA-2013:1519", "cpe" : "cpe:/o:redhat:rhel_eus:6.2", "package" : "kernel-0:2.6.32-220.45.1.el6" }, { "product_name" : "Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only", "release_date" : "2013-12-05T00:00:00Z", "advisory" : "RHSA-2013:1783", "cpe" : "cpe:/o:redhat:rhel_eus:6.3", "package" : "kernel-0:2.6.32-279.39.1.el6" }, { "product_name" : "Red Hat Enterprise MRG 2", "release_date" : "2012-12-04T00:00:00Z", "advisory" : "RHSA-2012:1491", "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package" : "kernel-rt-0:3.2.33-rt50.66.el6rt" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2012-4508\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-4508" ], "name" : "CVE-2012-4508", "csaw" : false }