{
  "threat_severity" : "Low",
  "public_date" : "2013-03-04T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: crypto api unprivileged arbitrary module load via request_module()",
    "id" : "1185469",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185469"
  },
  "cvss" : {
    "cvss_base_score" : "2.1",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-749",
  "details" : [ "The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.", "A flaw was found in the way the Linux kernel's Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel." ],
  "statement" : "This issue did not affect the versions of the kernel as shipped with Red Hat Enterprise Linux 4, 5, and 6.\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-11-19T00:00:00Z",
    "advisory" : "RHSA-2015:2411",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-327.rt56.204.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-11-19T00:00:00Z",
    "advisory" : "RHSA-2015:2152",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-327.el7"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2016-01-26T00:00:00Z",
    "advisory" : "RHSA-2016:0068",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-1:3.10.0-327.rt56.170.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2013-7421\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-7421" ],
  "name" : "CVE-2013-7421",
  "csaw" : false
}