CVE-2013-2094 — HIGH (8.4) — White Hats Nepal

Q: How severe is CVE-2013-2094?

CVE-2013-2094 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-2094?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.

Vulnerability Description

The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.

CVSS Score

8.4

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	< 3.0.75

Related Weaknesses (CWE)

CWE-189

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=Not Applicable
http://lists.centos.org/pipermail/centos-announce/2013-May/019729.htmlThird Party AdvisoryVDB Entry
http://lists.centos.org/pipermail/centos-announce/2013-May/019733.htmlThird Party AdvisoryVDB Entry
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.htmlThird Party AdvisoryVDB Entry
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.htmlThird Party AdvisoryVDB Entry
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.htmlThird Party AdvisoryVDB Entry
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.htmlThird Party AdvisoryVDB Entry
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.htmlThird Party AdvisoryVDB Entry
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.htmlThird Party AdvisoryVDB Entry
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.htmlThird Party AdvisoryVDB Entry
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.htmlThird Party Advisory
http://news.ycombinator.com/item?id=5703758Third Party Advisory
http://packetstormsecurity.com/files/121616/semtex.cExploitThird Party AdvisoryVDB Entry
http://rhn.redhat.com/errata/RHSA-2013-0830.htmlThird Party Advisory
http://twitter.com/djrbliss/statuses/334301992648331267Patch

FAQ

What is CVE-2013-2094?

CVE-2013-2094 is a vulnerability with a CVSS score of 8.4 (HIGH). The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open s...

How severe is CVE-2013-2094?

CVE-2013-2094 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-2094?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.