CVE-2013-2094

Linux Kernel Privilege Escalation Vulnerability

Severity Score

7.2

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.

La función perf_swevent_init en kernel/events/core.c en el Kernel de Linux anterior a v3.8.9 usa un tipo de datos entero incorrecto, lo que permite a usuarios locales ganar privilegios mediante una llamada al sistema perf_event_open especialmente diseñada.

Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Explotation allows for privilege escalation.

*Credits: N/A

CVSS Scores

NISTv2 7.2

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-02-19 CVE Reserved
2013-05-14 CVE Published
2013-05-14 First Exploit
2022-09-15 Exploited in Wild
2022-10-06 KEV Due Date
2024-08-06 CVE Updated
2024-10-09 EPSS Updated

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-189: Numeric Errors

CAPEC

References (35)

URL	Tag	Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f	Not Applicable
http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html	Mailing List
http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html	Mailing List
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html	Mailing List
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html	Mailing List
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html	Mailing List
http://news.ycombinator.com/item?id=5703758	Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9	Not Applicable
http://www.openwall.com/lists/oss-security/2013/05/14/6	Mailing List
http://www.osvdb.org/93361	Broken Link
http://www.reddit.com/r/netsec/comments/1eb9iw	Third Party Advisory
https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f	Third Party Advisory

URL	Date	SRC
https://www.exploit-db.com/exploits/25444	2013-05-14
https://www.exploit-db.com/exploits/26131	2013-06-11
https://www.exploit-db.com/exploits/33589	2014-05-31
https://github.com/Pashkela/CVE-2013-2094	2013-06-16
https://github.com/vnik5287/CVE-2013-2094	2019-07-23
http://packetstormsecurity.com/files/121616/semtex.c	2024-08-06
http://www.exploit-db.com/exploits/33589	2024-08-06

URL	Date	SRC
http://twitter.com/djrbliss/statuses/334301992648331267	2024-03-04

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html	2024-03-04
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html	2024-03-04
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html	2024-03-04
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html	2024-03-04
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html	2024-03-04
http://rhn.redhat.com/errata/RHSA-2013-0830.html	2024-03-04
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176	2024-03-04
http://www.ubuntu.com/usn/USN-1825-1	2024-03-04
http://www.ubuntu.com/usn/USN-1826-1	2024-03-04
http://www.ubuntu.com/usn/USN-1827-1	2024-03-04
http://www.ubuntu.com/usn/USN-1828-1	2024-03-04
http://www.ubuntu.com/usn/USN-1836-1	2024-03-04
http://www.ubuntu.com/usn/USN-1838-1	2024-03-04
https://bugzilla.redhat.com/show_bug.cgi?id=962792	2013-05-20
https://access.redhat.com/security/cve/CVE-2013-2094	2013-05-20

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 3.0.75 Search vendor "Linux" for product "Linux Kernel" and version " < 3.0.75"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.1 < 3.2.45 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 3.2.45"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.3 < 3.4.42 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.4.42"		-		Affected
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				>= 3.5 < 3.8.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 3.8.9"		-		Affected