{
  "threat_severity" : "Important",
  "public_date" : "2015-03-05T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: xfs: replacing remote attributes memory corruption",
    "id" : "1195248",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1195248"
  },
  "cvss" : {
    "cvss_base_score" : "6.9",
    "cvss_scoring_vector" : "AV:L/AC:M/Au:N/C:C/I:C/A:C",
    "status" : "verified"
  },
  "details" : [ "The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by leveraging XFS filesystem access.", "A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system." ],
  "statement" : "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise 5 and 6. This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.",
  "acknowledgement" : "Red Hat would like to thank Eric Windisch (Docker project) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-03-05T00:00:00Z",
    "advisory" : "RHSA-2015:0290",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-229.el7"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2015-03-17T00:00:00Z",
    "advisory" : "RHSA-2015:0694",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-1:3.10.0-229.rt56.144.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-0274\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0274" ],
  "name" : "CVE-2015-0274",
  "csaw" : false
}