{
  "threat_severity" : "Low",
  "public_date" : "2013-11-21T00:00:00Z",
  "bugzilla" : {
    "description" : "Kernel: net: information leak in recvmsg handler msg_name & msg_namelen logic",
    "id" : "1039845",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1039845"
  },
  "cvss" : {
    "cvss_base_score" : "2.1",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "details" : [ "The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call." ],
  "statement" : "This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5.\nRed Hat Enterprise Linux 5 is now in Production 3 Phase of the support and\nmaintenance life cycle. This has been rated as having Low security\nimpact and is not currently planned to be addressed in future updates. For\nadditional information, refer to the Red Hat Enterprise Linux Life\nCycle: https://access.redhat.com/support/policy/updates/errata/.",
  "acknowledgement" : "Red Hat would like to thank Hannes Frederic Sowa for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2014-03-25T00:00:00Z",
    "advisory" : "RHSA-2014:0328",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-431.11.2.el6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Affected",
    "package_name" : "realtime-kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-7270\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-7270" ],
  "name" : "CVE-2013-7270",
  "csaw" : false
}