{
  "threat_severity" : "Low",
  "public_date" : "2015-11-23T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: Null pointer dereference when mounting ext4",
    "id" : "1267261",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1267261"
  },
  "cvss" : {
    "cvss_base_score" : "4.9",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:N/I:N/A:C",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of service (NULL pointer dereference and panic) via a crafted USB device, related to the ext4_fill_super function.", "A NULL pointer dereference flaw was found in the way the Linux kernel's ext4 file system driver handled certain corrupted file system images. An attacker with physical access to the system could use this flaw to crash the system." ],
  "statement" : "This problem did not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 7 and MRG-2.",
  "acknowledgement" : "Red Hat would like to thank Dmitriy Monakhov (OpenVZ project) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2016-05-10T00:00:00Z",
    "advisory" : "RHSA-2016:0855",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-642.el6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Not affected",
    "package_name" : "realtime-kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-8324\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8324" ],
  "name" : "CVE-2015-8324",
  "csaw" : false
}