{
  "threat_severity" : "Important",
  "public_date" : "2013-02-19T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: vhost: fix length for cross region descriptor",
    "id" : "912905",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=912905"
  },
  "cvss" : {
    "cvss_base_score" : "6.5",
    "cvss_scoring_vector" : "AV:A/AC:H/Au:S/C:C/I:C/A:C",
    "status" : "verified"
  },
  "details" : [ "The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges." ],
  "statement" : "This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6.\nThis issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2013-02-20T00:00:00Z",
    "advisory" : "RHSA-2013:0496",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-358.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.2 EUS - Server and Compute Node Only",
    "release_date" : "2013-05-30T00:00:00Z",
    "advisory" : "RHSA-2013:0882",
    "cpe" : "cpe:/o:redhat:rhel_eus:6.2",
    "package" : "kernel-0:2.6.32-220.38.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only",
    "release_date" : "2013-06-11T00:00:00Z",
    "advisory" : "RHSA-2013:0928",
    "cpe" : "cpe:/o:redhat:rhel_eus:6.3",
    "package" : "kernel-0:2.6.32-279.31.1.el6"
  }, {
    "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-6",
    "release_date" : "2013-02-28T00:00:00Z",
    "advisory" : "RHSA-2013:0579",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6::hypervisor",
    "package" : "rhev-hypervisor6-0:6.4-20130221.0.el6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Not affected",
    "package_name" : "realtime-kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-0311\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-0311" ],
  "name" : "CVE-2013-0311",
  "csaw" : false
}