Back to KEVs

CVE-2013-2094

The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local...

Basic Information

CVE State
PUBLISHED
Reserved Date
February 19, 2013
Published Date
May 14, 2013
Last Updated
February 04, 2025
Vendor
Linux
Product
Linux Kernel
Description
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
Tags
linux cisa nessus_scanner

CVSS Scores

CVSS v3.1

8.4 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2022-09-15 00:00:00 UTC) Source
Proof of Concept Available
Yes (added 2019-07-23 12:31:55 UTC) Source

References

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html http://www.ubuntu.com/usn/USN-1826-1 http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html http://www.ubuntu.com/usn/USN-1838-1 https://bugzilla.redhat.com/show_bug.cgi?id=962792 https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9 http://www.ubuntu.com/usn/USN-1828-1 http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html http://www.ubuntu.com/usn/USN-1827-1 http://www.ubuntu.com/usn/USN-1836-1 http://www.osvdb.org/93361 http://www.exploit-db.com/exploits/33589 http://rhn.redhat.com/errata/RHSA-2013-0830.html http://news.ycombinator.com/item?id=5703758 http://www.openwall.com/lists/oss-security/2013/05/14/6 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html http://packetstormsecurity.com/files/121616/semtex.c http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html http://twitter.com/djrbliss/statuses/334301992648331267 http://www.reddit.com/r/netsec/comments/1eb9iw http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html http://www.ubuntu.com/usn/USN-1825-1 http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html

Known Exploited Vulnerability Information

Source Added Date
CISA 2022-09-15 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nessus https://www.tenable.com/plugins/nessus/201741 2024-07-03 22:34:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

vnik5287/CVE-2013-2094

Type: github • Created: 2019-07-23 12:31:55 UTC • Stars: 1

perf_swevent_init

Pashkela/CVE-2013-2094

Type: github • Created: 2013-06-16 11:53:36 UTC • Stars: 4

CVE-2013-2094 Linux 2.6.32/2.6.37 - 3.8.10 PERF_EVENTS local root x86/x86_64

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Added to KEVIntel

  • Detected by Nessus