CVE-2013-2094
high-risk
Published 2013-05-14
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
Do I need to act?
!
65.9% chance of exploitation in next 30 days
EPSS score — higher than 34% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.4/10
High
LOCAL
/ LOW complexity
Affected Products (1)
Affected Vendors
References (59)
Third Party Advisory
http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html
Third Party Advisory
http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html
Third Party Advisory
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html
Third Party Advisory
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html
Third Party Advisory
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html
Third Party Advisory
http://news.ycombinator.com/item?id=5703758
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0830.html
Third Party Advisory
http://www.exploit-db.com/exploits/33589
Not Applicable
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9
Broken Link
http://www.osvdb.org/93361
and 39 more references
64
/ 100
high-risk
Severity
26/34 · High
Exploitability
33/34 · Critical
Exposure
5/34 · Minimal