CVE-2013-2094

The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.

From the Ubuntu Security Team

An flaw was discovered in the Linux kernel's perf_events interface. A local user could exploit this flaw to escalate privileges on the system.

• How can I get the fixes?
• What do statuses mean?
• Patch details

References

• MITRE
• NVD
• Launchpad
• Debian

Related Ubuntu Security Notices (USN)

• USN-1839-1
• Linux kernel (OMAP4) vulnerabilities
• 28 May 2013
• USN-1836-1
• Linux kernel (OMAP4) vulnerabilities
• 24 May 2013
• USN-1828-1
• Linux kernel (Quantal HWE) vulnerability
• 16 May 2013
• USN-1826-1
• Linux kernel vulnerability
• 16 May 2013
• USN-1838-1
• Linux kernel (OMAP4) vulnerabilities
• 30 May 2013
• USN-1825-1
• Linux kernel vulnerability
• 16 May 2013
• USN-1849-1
• Linux kernel (Raring HWE) vulnerability
• 31 May 2013
• USN-1827-1
• Linux kernel vulnerability
• 16 May 2013

Other references

• https://www.cve.org/CVERecord?id=CVE-2013-2094
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog