CVE-2013-2094
85Vexday Risk Score
Prioritize patching. It under exploitation confirmed by CISA and has a public proof of concept.
ssvc Actcvss 8.4epss 48%
from disclosure to weapon0 days
Published on NVDMay 14
1st PoCMay 14
CISA KEV+3411d
exploitation probability
48%top 1% of all CVEs
observed exploitation
yesCISA + VulnCheck
17 public exploit(s)
Action required by CISAfederal deadline: 2022-10-06
Apply updates per vendor instructions.
In short
A flaw in Linux kernel's performance monitoring tool allows a local user to gain administrator privileges by sending a specially crafted system call. This is dangerous because any user on the system can exploit it to take control.
Technical detail
CVE-2013-2094 involves an integer type confusion in perf_swevent_init (kernel/events/core.c) that permits local privilege escalation via malformed perf_event_open syscall arguments. The vulnerability requires local access but no special privileges, leading to kernel code execution and full system compromise.
Summary generated and translated by AI from the official description.
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 17
githubgithub.com/realtalk/cve-2013-2094★ 91githubgithub.com/hiikezoe/libperf_event_exploit★ 17githubgithub.com/Pashkela/CVE-2013-2094★ 4githubgithub.com/timhsutw/cve-2013-2094★ 3githubgithub.com/vnik5287/CVE-2013-2094★ 1githubgithub.com/letsr00t/CVE-2013-2094★ 0githubgithub.com/tarunyadav/fix-cve-2013-2094★ 0vulncheckvulncheck.com/xdb/1590c8e66264unverifiedvulncheckvulncheck.com/xdb/7ffd21fa0ec4unverifiedcve_referencepacketstormsecurity.com/files/121616/semtex.cunverifiedvulncheckvulncheck.com/xdb/1b5a2f6d40caunverifiedcve_referencewww.exploit-db.com/exploits/33589unverifiedexploitdbwww.exploit-db.com/exploits/25444unverifiedexploitdbwww.exploit-db.com/exploits/33589unverifiedexploitdbwww.exploit-db.com/exploits/26131unverifiedvulncheckvulncheck.com/xdb/553d40d9c74cunverifiedvulncheckvulncheck.com/xdb/9dbfce6b00bcunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02fhttp://lists.centos.org/pipermail/centos-announce/2013-May/019729.htmlhttp://lists.centos.org/pipermail/centos-announce/2013-May/019733.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.htmlhttp://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.htmlhttp://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.htmlhttp://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.htmlhttp://news.ycombinator.com/item?id=5703758