search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Linux kernel perf_swevent_enabled array out-of-bound access privilege escalation vulnerability

Vulnerability Note VU#774103

Original Release Date: 2013-05-17 | Last Revised: 2013-05-17

Overview

The Linux kernel's Performance Events implementation is susceptible to an out-of-bounds array vulnerability that may be used by a local unprivileged user to escalate privileges.

Description

The Linux kernel's Performance Events implementation is susceptible to an out-of-bounds array vulnerability that may be used by a local unprivileged user to escalate privileges. Additional analysis of the vulnerability may be found in the Red Hat bug report. A public exploit is available that has been reported to work against some Linux distributions.

Impact

A local authenticated user may be able to exploit this vulnerability to escalate privileges.

Solution

Apply an Update

Red Hat, Debian, CentOS, and Ubuntu have all released patches. Users should receive the patches through their Linux distributions' normal update process.

Affected Distributions

    • Red Hat Enterprise Linux 6 & Red Hat Enterprise MRG 2
    • CentOS 6
    • Debian 7.0 (Wheezy)
    • Ubuntu 12.04 LTS, 12.10, 13.04
Other distributions may be affected but were not confirmed at the time of publication.

If you are unable to upgrade, please consider the following workaround.

Red Hat has provided mitigation advice in Red Hat Knowledge Solution 373743.

Vendor Information

774103
 
Expand all

CentOS Affected

Updated:  May 17, 2013

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Debian GNU/Linux Affected

Updated:  May 17, 2013

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Red Hat, Inc. Affected

Updated:  May 17, 2013

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Ubuntu Affected

Updated:  May 17, 2013

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

Fedora Project Unknown

Updated:  May 17, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

SUSE Linux Unknown

Updated:  May 17, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Slackware Linux Inc. Unknown

Updated:  May 17, 2013

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C
Temporal 5.9 E:ND/RL:OF/RC:C
Environmental 4.4 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Acknowledgements

Tommi Rantala discovered this vulnerability.

This document was written by Jared Allar.

Other Information

CVE IDs: CVE-2013-2094
Date Public: 2013-05-14
Date First Published: 2013-05-17
Date Last Updated: 2013-05-17 16:00 UTC
Document Revision: 28

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis