{
  "threat_severity" : "Low",
  "public_date" : "2013-06-03T00:00:00Z",
  "bugzilla" : {
    "description" : "Kernel: fanotify: info leak in copy_event_to_user",
    "id" : "971258",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=971258"
  },
  "cvss" : {
    "cvss_base_score" : "2.1",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-200",
  "details" : [ "The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c in the Linux kernel through 3.9.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a read operation on the fanotify descriptor." ],
  "statement" : "This issue does not affect the versions of the Linux kernel as shipped with\nRed Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6.\nThis issue affects the version of the kernel package as shipped with\nRed Hat Enterprise MRG 2. Future kernel updates for Red Hat Enterprise MRG 2\nmay address this issue.\nThe affected_release entry in this record lists advisory RHSA-2013:1264 for\nRed Hat Enterprise MRG 2.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2013-09-16T00:00:00Z",
    "advisory" : "RHSA-2013:1264",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-0:3.6.11.5-rt37.55.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-2148\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2148" ],
  "name" : "CVE-2013-2148",
  "csaw" : false
}