{
  "threat_severity" : "Low",
  "public_date" : "2017-01-11T00:00:00Z",
  "bugzilla" : {
    "description" : "Kernel: kvm: use after free in complete_emulated_mmio",
    "id" : "1413001",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1413001"
  },
  "cvss" : {
    "cvss_base_score" : "5.5",
    "cvss_scoring_vector" : "AV:A/AC:H/Au:S/C:P/I:P/A:C",
    "status" : "verified"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.1",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt." ],
  "statement" : "This issue does not affect the versions of the kernel package as shipped with\nRed Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.\nThis issue affects the version of the Linux kernel as shipped with\nRed Hat Enterprise Linux 7.\nThis has been rated as having Low security impact and is not currently\nplanned to be addressed in future updates. For additional information, refer\nto the Red Hat Enterprise Linux Life Cycle:\nhttps://access.redhat.com/support/policy/updates/errata/",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2017-08-01T00:00:00Z",
    "advisory" : "RHSA-2017:2077",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-693.rt56.617.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2017-08-01T00:00:00Z",
    "advisory" : "RHSA-2017:1842",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-693.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Not affected",
    "package_name" : "realtime-kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-2584\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-2584" ],
  "name" : "CVE-2017-2584",
  "csaw" : false
}