{
  "threat_severity" : "Important",
  "public_date" : "2013-06-30T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: net: IP_RETOPTS invalid free",
    "id" : "979936",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=979936"
  },
  "cvss" : {
    "cvss_base_score" : "6.9",
    "cvss_scoring_vector" : "AV:L/AC:M/Au:N/C:C/I:C/A:C",
    "status" : "verified"
  },
  "details" : [ "A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local users to cause a denial of service (invalid free operation and system crash) or possibly gain privileges via a sendmsg system call with the IP_RETOPTS option, as demonstrated by hemlock.c.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-3552." ],
  "statement" : "This issue did not affect the version of the kernel package as shipped with Red Hat Enterprise MRG 2.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Future kernel updates for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6 may address this issue.",
  "affected_release" : [ {
    "product_name" : "OpenStack 3 for RHEL 6",
    "release_date" : "2013-09-03T00:00:00Z",
    "advisory" : "RHSA-2013:1195",
    "cpe" : "cpe:/a:redhat:openstack:3::el6",
    "package" : "kernel-0:2.6.32-358.118.1.openstack.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2013-08-20T00:00:00Z",
    "advisory" : "RHSA-2013:1166",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "kernel-0:2.6.18-348.16.1.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2013-08-27T00:00:00Z",
    "advisory" : "RHSA-2013:1173",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-358.18.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only",
    "release_date" : "2013-10-22T00:00:00Z",
    "advisory" : "RHSA-2013:1450",
    "cpe" : "cpe:/o:redhat:rhel_eus:6.3",
    "package" : "kernel-0:2.6.32-279.37.2.el6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Not affected",
    "package_name" : "realtime-kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-2224\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2224" ],
  "name" : "CVE-2013-2224",
  "csaw" : false
}