{ "threat_severity" : "Low", "public_date" : "2013-03-12T00:00:00Z", "bugzilla" : { "description" : "kernel: usb: cdc-wdm buffer overflow triggered by device", "id" : "921970", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=921970" }, "cvss" : { "cvss_base_score" : "6.9", "cvss_scoring_vector" : "AV:L/AC:M/Au:N/C:C/I:C/A:C", "status" : "verified" }, "details" : [ "Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device." ], "statement" : "This issue does not affect the version of the kernel package as shipped with\nRed Hat Enterprise Linux 5.\nThis issue affects the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates\nfor Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this\nissue.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2014-03-25T00:00:00Z", "advisory" : "RHSA-2014:0328", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "kernel-0:2.6.32-431.11.2.el6" }, { "product_name" : "Red Hat Enterprise MRG 2", "release_date" : "2013-05-20T00:00:00Z", "advisory" : "RHSA-2013:0829", "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package" : "kernel-rt-0:3.6.11.2-rt33.39.el6rt" }, { "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-6", "release_date" : "2014-03-31T00:00:00Z", "advisory" : "RHSA-2014:0339", "cpe" : "cpe:/o:redhat:enterprise_linux:6::hypervisor", "package" : "rhev-hypervisor6-0:6.5-20140324.0.el6ev" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:5" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-1860\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1860" ], "name" : "CVE-2013-1860", "csaw" : false }