{ "threat_severity" : "Low", "public_date" : "2013-03-09T00:00:00Z", "bugzilla" : { "description" : "kernel: Information leak in the RTNETLINK component", "id" : "924690", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=924690" }, "cvss" : { "cvss_base_score" : "1.9", "cvss_scoring_vector" : "AV:L/AC:M/Au:N/C:P/I:N/A:N", "status" : "verified" }, "details" : [ "The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux kernel before 3.8.4 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel stack memory via a crafted application." ], "statement" : "This issue does not affect the version of the kernel package as shipped with\nRed Hat Enterprise Linux 5.\nThis issue does affect the versions of Linux kernel as shipped with\nRed Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2. Future kernel updates\nfor Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2 may address this\nissue.", "affected_release" : [ { "product_name" : "OpenStack 3 for RHEL 6", "release_date" : "2013-07-16T00:00:00Z", "advisory" : "RHSA-2013:1080", "cpe" : "cpe:/a:redhat:openstack:3::el6", "package" : "kernel-0:2.6.32-358.114.1.openstack.el6" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2013-07-16T00:00:00Z", "advisory" : "RHSA-2013:1051", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "kernel-0:2.6.32-358.14.1.el6" }, { "product_name" : "Red Hat Enterprise MRG 2", "release_date" : "2013-05-20T00:00:00Z", "advisory" : "RHSA-2013:0829", "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package" : "kernel-rt-0:3.6.11.2-rt33.39.el6rt" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:5" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-2635\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2635" ], "name" : "CVE-2013-2635", "csaw" : false }