{
  "threat_severity" : "Low",
  "public_date" : "2014-03-10T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: net: use-after-free during segmentation with zerocopy",
    "id" : "1074589",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1074589"
  },
  "cvss" : {
    "cvss_base_score" : "2.9",
    "cvss_scoring_vector" : "AV:A/AC:M/Au:N/C:P/I:N/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-416",
  "details" : [ "Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation." ],
  "statement" : "This issue does not affect Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.\nThis issue affects the Linux kernel package as shipped with Red Hat Enterprise Linux 6. \nRed Hat Product Security has rated this issue as having Low security impact. The risks and engineering effort associated with fixing this bug are greater\nthan its security impact. This issue is not currently planned to be addressed\nin future kernel updates for Red Hat Enterprise Linux 6. For additional\ninformation, refer to the Issue Severity Classification: \nhttps://access.redhat.com/security/updates/classification/.",
  "acknowledgement" : "This issue was discovered by Michael S. Tsirkin (Red Hat).",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux Extended Update Support 6.4",
    "fix_state" : "Affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:rhel_eus:6.4"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "fix_state" : "Not affected",
    "package_name" : "realtime-kernel",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-0131\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0131" ],
  "name" : "CVE-2014-0131",
  "csaw" : false
}