{
  "threat_severity" : "Low",
  "public_date" : "2012-08-15T00:00:00Z",
  "bugzilla" : {
    "description" : "Kernel: Bluetooth: RFCOMM - information leak",
    "id" : "922404",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=922404"
  },
  "cvss" : {
    "cvss_base_score" : "2.1",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "details" : [ "The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application." ],
  "statement" : "This issue does not affect the version of the kernel package as shipped with\nRed Hat Enterprise MRG 2.\nThis issue affects the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Future kernel\nupdates for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6 may\naddress this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2013-07-10T00:00:00Z",
    "advisory" : "RHSA-2013:1034",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "kernel-0:2.6.18-348.12.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2013-11-20T00:00:00Z",
    "advisory" : "RHSA-2013:1645",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-431.el6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Not affected",
    "package_name" : "realtime-kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2012-6545\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-6545" ],
  "name" : "CVE-2012-6545",
  "csaw" : false
}