{
  "threat_severity" : "Low",
  "public_date" : "2013-01-09T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: bluetooth HIDP implementation information disclosure",
    "id" : "914298",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=914298"
  },
  "cvss" : {
    "cvss_base_score" : "1.5",
    "cvss_scoring_vector" : "AV:L/AC:M/Au:S/C:P/I:N/A:N",
    "status" : "verified"
  },
  "details" : [ "The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call." ],
  "statement" : "This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6.\nThis issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2013-04-23T00:00:00Z",
    "advisory" : "RHSA-2013:0744",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-358.6.1.el6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Not affected",
    "package_name" : "realtime-kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-0349\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-0349" ],
  "name" : "CVE-2013-0349",
  "csaw" : false
}