CVE-2013-2094
CVSS v2.0: 7.2 (High)
EPSS: 0.18 % (56th)
Affected Products: 1
Advisories: 19
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
Weaknesses
- CWE-189: Numeric Errors

- CVE Status: PUBLISHED
- CNA: Red Hat, Inc.
- Published Date: 2013-05-14 20:55:01 (11 years ago)
- Updated Date: 2024-03-04 22:58:17 (6 months ago)
Linux Kernel Privilege Escalation Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
- Description: Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting in out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Exploitation allows for privilege escalation.
- Required Action: Apply updates per vendor instructions.
- Known to be Used in Ransomware Campaigns: Unknown
- Notes: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8176cced706b5e5d15887584150764894e94e02f; https://nvd.nist.gov/vuln/detail/CVE-2013-2094
- Vendor: Linux
- Product: Kernel
- In CISA Catalog from: 2022-09-15 (2 years ago)
- Due Date: 2022-10-06 (23 months ago)