{ "threat_severity" : "Low", "public_date" : "2015-01-28T00:00:00Z", "bugzilla" : { "description" : "kernel: fs/fhandle.c race condition", "id" : "1187534", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1187534" }, "cvss" : { "cvss_base_score" : "2.6", "cvss_scoring_vector" : "AV:L/AC:H/Au:N/C:P/I:P/A:N", "status" : "draft" }, "cwe" : "CWE-841->CWE-770->CWE-454", "details" : [ "Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function." ], "statement" : "This problem does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG-2 kernels.\nThis has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Will not fix", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Will not fix", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise MRG 2", "fix_state" : "Will not fix", "package_name" : "kernel", "cpe" : "cpe:/a:redhat:enterprise_mrg:2" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-1420\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1420" ], "name" : "CVE-2015-1420", "csaw" : false }