CVE - CVE-2013-2094

CVE-ID
CVE-2013-2094	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
EXPLOIT-DB:33589 URL:http://www.exploit-db.com/exploits/33589 MLIST:[linux-kernel] 20130412 Re: sw_perf_event_destroy() oops while fuzzing URL:http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html MLIST:[linux-kernel] 20130412 sw_perf_event_destroy() oops while fuzzing URL:http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html MLIST:[linux-kernel] 20130413 Re: sw_perf_event_destroy() oops while fuzzing URL:http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html MLIST:[oss-security] 20130514 Re: CVE Request: linux kernel perf out-of-bounds access URL:http://www.openwall.com/lists/oss-security/2013/05/14/6 MLIST:[CentOS-announce] 20130515 CentOS-6 CVE-2013-2094 Kernel Issue URL:http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html MLIST:[CentOS-announce] 20130517 CESA-2013:0830 Important CentOS 6 kernel Update URL:http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html MISC:http://news.ycombinator.com/item?id=5703758 MISC:http://packetstormsecurity.com/files/121616/semtex.c MISC:http://twitter.com/djrbliss/statuses/334301992648331267 MISC:http://www.reddit.com/r/netsec/comments/1eb9iw CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8176cced706b5e5d15887584150764894e94e02f CONFIRM:http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=962792 CONFIRM:https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f MANDRIVA:MDVSA-2013:176 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 REDHAT:RHSA-2013:0830 URL:http://rhn.redhat.com/errata/RHSA-2013-0830.html SUSE:SUSE-SU-2013:0819 URL:http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html SUSE:openSUSE-SU-2013:0847 URL:http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html SUSE:openSUSE-SU-2013:0925 URL:http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html SUSE:openSUSE-SU-2013:0951 URL:http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html SUSE:openSUSE-SU-2013:1042 URL:http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html UBUNTU:USN-1825-1 URL:http://www.ubuntu.com/usn/USN-1825-1 UBUNTU:USN-1826-1 URL:http://www.ubuntu.com/usn/USN-1826-1 UBUNTU:USN-1827-1 URL:http://www.ubuntu.com/usn/USN-1827-1 UBUNTU:USN-1828-1 URL:http://www.ubuntu.com/usn/USN-1828-1 UBUNTU:USN-1836-1 URL:http://www.ubuntu.com/usn/USN-1836-1 UBUNTU:USN-1838-1 URL:http://www.ubuntu.com/usn/USN-1838-1 OSVDB:93361 URL:http://www.osvdb.org/93361
Assigning CNA
N/A
Date Entry Created
20130219	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20130219)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org