{
  "threat_severity" : "Moderate",
  "public_date" : "2014-03-07T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: powerpc: tm: crash when forking inside a transaction",
    "id" : "1083213",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1083213"
  },
  "cvss" : {
    "cvss_base_score" : "4.9",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:N/I:N/A:C",
    "status" : "verified"
  },
  "details" : [ "The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platform does not properly interact with the clone and fork system calls, which allows local users to cause a denial of service (Program Check and system crash) via certain instructions that are executed with the processor in the Transactional state.", "A flaw was found in the way the Linux kernel performed forking inside of a transaction. A local, unprivileged user on a PowerPC system that supports transactional memory could use this flaw to crash the system." ],
  "statement" : "This issue does not affect Red Hat Enterprise Linux 5 and 6 because we do not provide support for Transactional Memory on Power PC architecture.\nThis issue does not affect Red Hat Enterprise MRG 2 because we do not support Power PC architecture.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2014-08-06T00:00:00Z",
    "advisory" : "RHSA-2014:1023",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-123.6.3.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Not affected",
    "package_name" : "realtime-kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-2673\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2673" ],
  "name" : "CVE-2014-2673",
  "csaw" : false
}