[VU:774103] Linux kernel perf_swevent_enabled array out-of-bound access privilege escalation vulnerability
Severity
High
CVEs
1
Overview
The Linux kernel's Performance Events implementation is susceptible to an out-of-bounds array vulnerability that may be used by a local unprivileged user to escalate privileges.
Impact
A local authenticated user may be able to exploit this vulnerability to escalate privileges.
Solution
Apply an Update Red Hat, Debian, CentOS, and Ubuntu have all released patches. Users should receive the patches through their Linux distributions' normal update process. Affected Distributions
Red Hat Enterprise Linux 6 & Red Hat Enterprise MRG 2
CentOS 6
Debian 7.0 (Wheezy)
Ubuntu 12.04 LTS, 12.10, 13.04
Other distributions may be affected but were not confirmed at the time of publication.
Acknowledgements
Tommi Rantala
discovered
this vulnerability.
- ID
- VU:774103
- Severity
- high
- Severity from
- CVE-2013-2094
- URL
- https://kb.cert.org/vuls/id/774103
- Published
-
2013-05-17T15:52:40
(11 years ago) - Modified
-
2013-05-17T16:00:53
(11 years ago) - Rights
- Copyright 2013, CERT Coordination Center (CERT/CC)
- Other Advisories
ALAS-2013-190
CISA-2022:0915
DSA-2669-1
ELSA-2013-0830
RHSA-2013:0830
SSA:2013-140-01
SUSE-SU-2015:0481-1
USN-1825-1| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |