CVE-2013-2094

CVSS 8.4 HIGHEPSS 47.7%● KEV

In short

A flaw in Linux kernel's performance monitoring tool allows a local user to gain administrator privileges by sending a specially crafted system call. This is dangerous because any user on the system can exploit it to take control.

Technical detail

CVE-2013-2094 involves an integer type confusion in perf_swevent_init (kernel/events/core.c) that permits local privilege escalation via malformed perf_event_open syscall arguments. The vulnerability requires local access but no special privileges, leading to kernel code execution and full system compromise.

Summary generated and translated by AI from the official description.

The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

public PoCs found — 12

githubgithub.com/realtalk/cve-2013-2094★ 91 githubgithub.com/hiikezoe/libperf_event_exploit★ 17 githubgithub.com/Pashkela/CVE-2013-2094★ 4 githubgithub.com/timhsutw/cve-2013-2094★ 3 githubgithub.com/vnik5287/CVE-2013-2094★ 1 githubgithub.com/letsr00t/CVE-2013-2094★ 0 githubgithub.com/tarunyadav/fix-cve-2013-2094★ 0 exploitdbwww.exploit-db.com/exploits/26131unverified cve_referencewww.exploit-db.com/exploits/33589unverified exploitdbwww.exploit-db.com/exploits/25444unverified exploitdbwww.exploit-db.com/exploits/33589unverified cve_referencepacketstormsecurity.com/files/121616/semtex.cunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html http://news.ycombinator.com/item?id=5703758