{
  "threat_severity" : "Low",
  "public_date" : "2013-02-24T00:00:00Z",
  "bugzilla" : {
    "description" : "Kernel: tmpfs: fix use-after-free of mempolicy object",
    "id" : "915592",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=915592"
  },
  "cvss" : {
    "cvss_base_score" : "6.0",
    "cvss_scoring_vector" : "AV:L/AC:H/Au:S/C:C/I:C/A:C",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option." ],
  "statement" : "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2013-04-23T00:00:00Z",
    "advisory" : "RHSA-2013:0744",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-358.6.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.2 EUS - Server and Compute Node Only",
    "release_date" : "2013-05-30T00:00:00Z",
    "advisory" : "RHSA-2013:0882",
    "cpe" : "cpe:/o:redhat:rhel_eus:6.2",
    "package" : "kernel-0:2.6.32-220.38.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only",
    "release_date" : "2013-06-11T00:00:00Z",
    "advisory" : "RHSA-2013:0928",
    "cpe" : "cpe:/o:redhat:rhel_eus:6.3",
    "package" : "kernel-0:2.6.32-279.31.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2013-05-20T00:00:00Z",
    "advisory" : "RHSA-2013:0829",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-0:3.6.11.2-rt33.39.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-1767\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1767" ],
  "name" : "CVE-2013-1767",
  "csaw" : false
}