{
  "threat_severity" : "Low",
  "public_date" : "2012-08-18T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: stack disclosure in binfmt_script load_script()",
    "id" : "868285",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=868285"
  },
  "cvss" : {
    "cvss_base_score" : "2.1",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "details" : [ "The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application." ],
  "statement" : "This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5.\nThis issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6.\nThis issue did affect the version of Linux kernel as shipped with Red Hat Enterprise MRG 2.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2013-02-05T00:00:00Z",
    "advisory" : "RHSA-2013:0223",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-279.22.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2013-03-06T00:00:00Z",
    "advisory" : "RHSA-2013:0566",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-0:3.6.11-rt28.20.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2012-4530\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-4530" ],
  "name" : "CVE-2012-4530",
  "csaw" : false
}