Technical Severity
HIGH
CVSS v3.1 Metrics
8.4 / 10
Vector Specification
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation Likelihood
EPSS Prediction
Predictive Probability: 65.85%
Percentile Rank: 98.5th
Documented as more likely to be exploited than 98.5% of known CVEs.
Detection Date
Sep 15, 2022
Remediation Due
Oct 06, 2022
CISA Catalog Active
Threat Analysis
The Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting in out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Exploitation allows for privilege escalation.
Remediation Directive
Apply updates per vendor instructions.
External Intelligence
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8176cced706b5e5d15887584150764894e94e02f
NVD
National Vulnerability Database
https://nvd.nist.gov/vuln/detail/CVE-2013-2094