CVE-2013-2094 - Vulnerability Details

The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is in the KEV database since Sept. 15, 2022.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux Enterprise Mrg Rhel Eus

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
kernel-0:2.6.32-358.6.2.el6	cpe:/o:redhat:enterprise_linux:6	RHSA-2013:0830	2013-05-16T00:00:00Z
Red Hat Enterprise Linux 6.1 EUS - Server Only
kernel-0:2.6.32-131.39.1.el6	cpe:/o:redhat:rhel_eus:6.1	RHSA-2013:0841	2013-05-20T00:00:00Z
Red Hat Enterprise Linux 6.2 EUS - Server and Compute Node Only
kernel-0:2.6.32-220.34.2.el6	cpe:/o:redhat:rhel_eus:6.2	RHSA-2013:0840	2013-05-20T00:00:00Z
Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only
kernel-0:2.6.32-279.25.2.el6	cpe:/o:redhat:rhel_eus:6.3	RHSA-2013:0832	2013-05-17T00:00:00Z
Red Hat Enterprise MRG 2
kernel-rt-0:3.6.11.2-rt33.39.el6rt	cpe:/a:redhat:enterprise_mrg:2:server:el6	RHSA-2013:0829	2013-05-20T00:00:00Z

References

Link	Providers
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f
http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html
http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html
http://news.ycombinator.com/item?id=5703758
http://packetstormsecurity.com/files/121616/semtex.c
http://rhn.redhat.com/errata/RHSA-2013-0830.html
http://twitter.com/djrbliss/statuses/334301992648331267
http://www.exploit-db.com/exploits/33589
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
http://www.openwall.com/lists/oss-security/2013/05/14/6
http://www.osvdb.org/93361
http://www.reddit.com/r/netsec/comments/1eb9iw
http://www.ubuntu.com/usn/USN-1825-1
http://www.ubuntu.com/usn/USN-1826-1
http://www.ubuntu.com/usn/USN-1827-1
http://www.ubuntu.com/usn/USN-1828-1
http://www.ubuntu.com/usn/USN-1836-1
http://www.ubuntu.com/usn/USN-1838-1
https://bugzilla.redhat.com/show_bug.cgi?id=962792
https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f
https://nvd.nist.gov/vuln/detail/CVE-2013-2094
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2013-2094

History

Tue, 04 Feb 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}` kev `{'dateAdded': '2022-09-15'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 13 Aug 2024 23:45:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-05-14T20:00:00.000Z

Updated: 2025-02-04T19:21:10.051Z

Reserved: 2013-02-19T00:00:00.000Z

Link: CVE-2013-2094

Vulnrichment

Updated: 2024-08-06T15:27:41.124Z

NVD

Status : Deferred

Published: 2013-05-14T20:55:01.527

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-2094

Redhat

Severity : Important

Publid Date: 2013-05-14T00:00:00Z

Links: CVE-2013-2094 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-04-12T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-01-04T17:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "openSUSE-SU-2013:0847", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html"}, {"name": "MDVSA-2013:176", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"}, {"name": "[linux-kernel] 20130413 Re: sw_perf_event_destroy() oops while fuzzing", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html"}, {"name": "[linux-kernel] 20130412 sw_perf_event_destroy() oops while fuzzing", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html"}, {"name": "[CentOS-announce] 20130517 CESA-2013:0830 Important CentOS 6 kernel Update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html"}, {"name": "USN-1826-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1826-1"}, {"name": "[linux-kernel] 20130412 Re: sw_perf_event_destroy() oops while fuzzing", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html"}, {"name": "USN-1838-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1838-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=962792"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9"}, {"name": "USN-1828-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1828-1"}, {"name": "[CentOS-announce] 20130515 CentOS-6 CVE-2013-2094 Kernel Issue", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html"}, {"name": "USN-1827-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1827-1"}, {"name": "USN-1836-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1836-1"}, {"name": "93361", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/93361"}, {"name": "33589", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/33589"}, {"name": "RHSA-2013:0830", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0830.html"}, {"tags": ["x_refsource_MISC"], "url": "http://news.ycombinator.com/item?id=5703758"}, {"name": "[oss-security] 20130514 Re: CVE Request: linux kernel perf out-of-bounds access", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/05/14/6"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f"}, {"name": "SUSE-SU-2013:0819", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/121616/semtex.c"}, {"name": "openSUSE-SU-2013:0925", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"}, {"tags": ["x_refsource_MISC"], "url": "http://twitter.com/djrbliss/statuses/334301992648331267"}, {"tags": ["x_refsource_MISC"], "url": "http://www.reddit.com/r/netsec/comments/1eb9iw"}, {"name": "openSUSE-SU-2013:1042", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html"}, {"name": "USN-1825-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-1825-1"}, {"name": "openSUSE-SU-2013:0951", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:27:41.124Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2013:0847", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html"}, {"name": "MDVSA-2013:176", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"}, {"name": "[linux-kernel] 20130413 Re: sw_perf_event_destroy() oops while fuzzing", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html"}, {"name": "[linux-kernel] 20130412 sw_perf_event_destroy() oops while fuzzing", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html"}, {"name": "[CentOS-announce] 20130517 CESA-2013:0830 Important CentOS 6 kernel Update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html"}, {"name": "USN-1826-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1826-1"}, {"name": "[linux-kernel] 20130412 Re: sw_perf_event_destroy() oops while fuzzing", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html"}, {"name": "USN-1838-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1838-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=962792"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9"}, {"name": "USN-1828-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1828-1"}, {"name": "[CentOS-announce] 20130515 CentOS-6 CVE-2013-2094 Kernel Issue", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html"}, {"name": "USN-1827-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1827-1"}, {"name": "USN-1836-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1836-1"}, {"name": "93361", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/93361"}, {"name": "33589", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/33589"}, {"name": "RHSA-2013:0830", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0830.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://news.ycombinator.com/item?id=5703758"}, {"name": "[oss-security] 20130514 Re: CVE Request: linux kernel perf out-of-bounds access", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/05/14/6"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f"}, {"name": "SUSE-SU-2013:0819", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/121616/semtex.c"}, {"name": "openSUSE-SU-2013:0925", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://twitter.com/djrbliss/statuses/334301992648331267"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.reddit.com/r/netsec/comments/1eb9iw"}, {"name": "openSUSE-SU-2013:1042", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html"}, {"name": "USN-1825-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-1825-1"}, {"name": "openSUSE-SU-2013:0951", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-02-04T19:21:02.735859Z", "id": "CVE-2013-2094", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-09-15", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-2094"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T19:21:10.051Z"}}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2094", "datePublished": "2013-05-14T20:00:00.000Z", "dateReserved": "2013-02-19T00:00:00.000Z", "dateUpdated": "2025-02-04T19:21:10.051Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html", "name": "openSUSE-SU-2013:0847", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176", "name": "MDVSA-2013:176", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"]}, {"url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html", "name": "[linux-kernel] 20130413 Re: sw_perf_event_destroy() oops while fuzzing", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html", "name": "[linux-kernel] 20130412 sw_perf_event_destroy() oops while fuzzing", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html", "name": "[CentOS-announce] 20130517 CESA-2013:0830 Important CentOS 6 kernel Update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "http://www.ubuntu.com/usn/USN-1826-1", "name": "USN-1826-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html", "name": "[linux-kernel] 20130412 Re: sw_perf_event_destroy() oops while fuzzing", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "http://www.ubuntu.com/usn/USN-1838-1", "name": "USN-1838-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=962792", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.ubuntu.com/usn/USN-1828-1", "name": "USN-1828-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html", "name": "[CentOS-announce] 20130515 CentOS-6 CVE-2013-2094 Kernel Issue", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "http://www.ubuntu.com/usn/USN-1827-1", "name": "USN-1827-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "http://www.ubuntu.com/usn/USN-1836-1", "name": "USN-1836-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "http://www.osvdb.org/93361", "name": "93361", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"]}, {"url": "http://www.exploit-db.com/exploits/33589", "name": "33589", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0830.html", "name": "RHSA-2013:0830", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "http://news.ycombinator.com/item?id=5703758", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2013/05/14/6", "name": "[oss-security] 20130514 Re: CVE Request: linux kernel perf out-of-bounds access", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html", "name": "SUSE-SU-2013:0819", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/121616/semtex.c", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html", "name": "openSUSE-SU-2013:0925", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://twitter.com/djrbliss/statuses/334301992648331267", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://www.reddit.com/r/netsec/comments/1eb9iw", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html", "name": "openSUSE-SU-2013:1042", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://www.ubuntu.com/usn/USN-1825-1", "name": "USN-1825-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html", "name": "openSUSE-SU-2013:0951", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:27:41.124Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2013-2094", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-04T19:21:02.735859Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-09-15", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-2094"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T19:18:45.843Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-04-12T00:00:00.000Z", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html", "name": "openSUSE-SU-2013:0847", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176", "name": "MDVSA-2013:176", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"]}, {"url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html", "name": "[linux-kernel] 20130413 Re: sw_perf_event_destroy() oops while fuzzing", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html", "name": "[linux-kernel] 20130412 sw_perf_event_destroy() oops while fuzzing", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html", "name": "[CentOS-announce] 20130517 CESA-2013:0830 Important CentOS 6 kernel Update", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "http://www.ubuntu.com/usn/USN-1826-1", "name": "USN-1826-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html", "name": "[linux-kernel] 20130412 Re: sw_perf_event_destroy() oops while fuzzing", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "http://www.ubuntu.com/usn/USN-1838-1", "name": "USN-1838-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=962792", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.ubuntu.com/usn/USN-1828-1", "name": "USN-1828-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html", "name": "[CentOS-announce] 20130515 CentOS-6 CVE-2013-2094 Kernel Issue", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "http://www.ubuntu.com/usn/USN-1827-1", "name": "USN-1827-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "http://www.ubuntu.com/usn/USN-1836-1", "name": "USN-1836-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "http://www.osvdb.org/93361", "name": "93361", "tags": ["vdb-entry", "x_refsource_OSVDB"]}, {"url": "http://www.exploit-db.com/exploits/33589", "name": "33589", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0830.html", "name": "RHSA-2013:0830", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "http://news.ycombinator.com/item?id=5703758", "tags": ["x_refsource_MISC"]}, {"url": "http://www.openwall.com/lists/oss-security/2013/05/14/6", "name": "[oss-security] 20130514 Re: CVE Request: linux kernel perf out-of-bounds access", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html", "name": "SUSE-SU-2013:0819", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://packetstormsecurity.com/files/121616/semtex.c", "tags": ["x_refsource_MISC"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html", "name": "openSUSE-SU-2013:0925", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://twitter.com/djrbliss/statuses/334301992648331267", "tags": ["x_refsource_MISC"]}, {"url": "http://www.reddit.com/r/netsec/comments/1eb9iw", "tags": ["x_refsource_MISC"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html", "name": "openSUSE-SU-2013:1042", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://www.ubuntu.com/usn/USN-1825-1", "name": "USN-1825-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html", "name": "openSUSE-SU-2013:0951", "tags": ["vendor-advisory", "x_refsource_SUSE"]}], "descriptions": [{"lang": "en", "value": "The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2017-01-04T17:57:01.000Z"}}}, "cveMetadata": {"cveId": "CVE-2013-2094", "state": "PUBLISHED", "dateUpdated": "2025-02-04T19:21:10.051Z", "dateReserved": "2013-02-19T00:00:00.000Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2013-05-14T20:00:00.000Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-10-06", "cisaExploitAdd": "2022-09-15", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Linux Kernel Privilege Escalation Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A84D169-58BB-49ED-A9F4-776E182C22D8", "versionEndExcluding": "3.0.75", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "88DA168C-393B-4853-8034-6E9099CC9623", "versionEndExcluding": "3.2.45", "versionStartIncluding": "3.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FECB4AF-F9DF-44E3-BD62-741D5D129053", "versionEndExcluding": "3.4.42", "versionStartIncluding": "3.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E3C2571-AFE5-4ED0-810D-232092DD0220", "versionEndExcluding": "3.8.9", "versionStartIncluding": "3.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call."}, {"lang": "es", "value": "La funci\u00f3n perf_swevent_init en kernel/events/core.c en el Kernel de Linux anterior a v3.8.9 usa un tipo de datos entero incorrecto, lo que permite a usuarios locales ganar privilegios mediante una llamada al sistema perf_event_open especialmente dise\u00f1ada."}], "id": "CVE-2013-2094", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2013-05-14T20:55:01.527", "references": [{"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://news.ycombinator.com/item?id=5703758"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/121616/semtex.c"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0830.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://twitter.com/djrbliss/statuses/334301992648331267"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.exploit-db.com/exploits/33589"}, {"source": "secalert@redhat.com", "tags": ["Not Applicable"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2013/05/14/6"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.osvdb.org/93361"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.reddit.com/r/netsec/comments/1eb9iw"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1825-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1826-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1827-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1828-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1836-1"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1838-1"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=962792"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://news.ycombinator.com/item?id=5703758"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/121616/semtex.c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0830.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://twitter.com/djrbliss/statuses/334301992648331267"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.exploit-db.com/exploits/33589"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2013/05/14/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.osvdb.org/93361"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.reddit.com/r/netsec/comments/1eb9iw"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1825-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1826-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1827-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1828-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1836-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-1838-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=962792"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:0830", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-358.6.2.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-05-16T00:00:00Z"}, {"advisory": "RHSA-2013:0841", "cpe": "cpe:/o:redhat:rhel_eus:6.1", "package": "kernel-0:2.6.32-131.39.1.el6", "product_name": "Red Hat Enterprise Linux 6.1 EUS - Server Only", "release_date": "2013-05-20T00:00:00Z"}, {"advisory": "RHSA-2013:0840", "cpe": "cpe:/o:redhat:rhel_eus:6.2", "package": "kernel-0:2.6.32-220.34.2.el6", "product_name": "Red Hat Enterprise Linux 6.2 EUS - Server and Compute Node Only", "release_date": "2013-05-20T00:00:00Z"}, {"advisory": "RHSA-2013:0832", "cpe": "cpe:/o:redhat:rhel_eus:6.3", "package": "kernel-0:2.6.32-279.25.2.el6", "product_name": "Red Hat Enterprise Linux 6.3 EUS - Server and Compute Node Only", "release_date": "2013-05-17T00:00:00Z"}, {"advisory": "RHSA-2013:0829", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-0:3.6.11.2-rt33.39.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2013-05-20T00:00:00Z"}], "bugzilla": {"description": "kernel: perf_swevent_enabled array out-of-bound access", "id": "962792", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=962792"}, "csaw": false, "cvss": {"cvss_base_score": "7.2", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "status": "verified"}, "cwe": "CWE-839->CWE-129->CWE-119", "details": ["The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call."], "name": "CVE-2013-2094", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2013-05-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-2094\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2094\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "This issue does not affect the kernel packages as shipped with Red Hat Enterprise Linux 5 because we did not backport upstream commit b0a873eb that introduced this issue.\nThis issue was addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0830 (https://rhn.redhat.com/errata/RHSA-2013-0830.html), Red Hat Enterprise Linux 6.1 Extended update support via RHSA-2013:0841 (https://rhn.redhat.com/errata/RHSA-2013-0841.html), Red Hat Enterprise Linux 6.2 Extended update support via RHSA-2013:0840 (https://rhn.redhat.com/errata/RHSA-2013-0840.html), Red Hat Enterprise Linux 6.3 Extended Update Support via RHSA-2013:0832 (https://rhn.redhat.com/errata/RHSA-2013-0832.html), and Red Hat Enterprise MRG 2 via RHSA-2013:0829 (https://rhn.redhat.com/errata/RHSA-2013-0829.html).\nRed Hat Enterprise Linux 6.0 was not affected by this flaw.\nRefer to https://access.redhat.com/site/solutions/373743 for further information.", "threat_severity": "Important"}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object