CVE-2013-2094
Linux Kernel Privilege Escalation Vulnerability
CVSS
—
No CVSS
EPSS
47.7%
p99
KEV
YES
Sep 15, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Linux / Kernel
Vulnerability
Linux Kernel Privilege Escalation Vulnerability
Added to KEV
Sep 15, 2022
Remediate by
Oct 6, 2022
Known ransomware use
No
Summary description
Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Explotation allows for privilege escalation.
Required action
Apply updates per vendor instructions.
Notes
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8176cced706b5e5d15887584150764894e94e02f; https://nvd.nist.gov/vuln/detail/CVE-2013-2094