{
  "threat_severity" : "Moderate",
  "public_date" : "2013-03-06T00:00:00Z",
  "bugzilla" : {
    "description" : "Kernel: keys: race condition in install_user_keyrings()",
    "id" : "916646",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=916646"
  },
  "cvss" : {
    "cvss_base_score" : "4.0",
    "cvss_scoring_vector" : "AV:L/AC:H/Au:N/C:N/I:N/A:C",
    "status" : "verified"
  },
  "details" : [ "Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads." ],
  "statement" : "This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2 may address this issue.",
  "acknowledgement" : "This issue was discovered by Mateusz Guzik (Red Hat EMEA GSS SEG Team).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2013-04-23T00:00:00Z",
    "advisory" : "RHSA-2013:0744",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-358.6.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2013-05-20T00:00:00Z",
    "advisory" : "RHSA-2013:0829",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-0:3.6.11.2-rt33.39.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-1792\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1792" ],
  "name" : "CVE-2013-1792",
  "csaw" : false
}