{
  "threat_severity" : "Moderate",
  "public_date" : "2016-11-15T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: EXT4 memory corruption / SLAB out-of-bounds read",
    "id" : "1395190",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1395190"
  },
  "cvss" : {
    "cvss_base_score" : "4.7",
    "cvss_scoring_vector" : "AV:L/AC:M/Au:N/C:N/I:N/A:C",
    "status" : "verified"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.2",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-125",
  "details" : [ "The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image.", "Mounting a crafted EXT4 image read-only leads to attacker-controlled memory corruption and SLAB out-of-bounds reads." ],
  "statement" : "This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7, MRG-2 and realtime kernels. This has been rated as having Moderate security impact and is currently planned to be addressed in future updates.\nThis issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2017-05-25T00:00:00Z",
    "advisory" : "RHSA-2017:1298",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-514.21.1.rt56.438.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2017-05-25T00:00:00Z",
    "advisory" : "RHSA-2017:1308",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-514.21.1.el7"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2017-05-25T00:00:00Z",
    "advisory" : "RHSA-2017:1297",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-1:3.10.0-514.rt56.221.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-10208\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-10208" ],
  "name" : "CVE-2016-10208",
  "csaw" : false
}