CVE-2013-2094

Confirmed PUBLISHED

The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local...

Linux · Linux Kernel
Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
8.4 High

At a Glance

The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.

nessus_scanner linux cisa
CVE Published
May 14, 2013
Exploitation Reported
Sep 15, 2022
CVSS
8.4 High
EPSS
Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • openSUSE-SU-2013:0847 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018...
  • MDVSA-2013:176 mandriva.com · Vendor Advisory http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
  • USN-1826-1 ubuntu.com · Vendor Advisory http://www.ubuntu.com/usn/USN-1826-1
  • USN-1838-1 ubuntu.com · Vendor Advisory http://www.ubuntu.com/usn/USN-1838-1
  • USN-1828-1 ubuntu.com · Vendor Advisory http://www.ubuntu.com/usn/USN-1828-1
Show 24 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.