Cyber Resilience

CVE-2013-2094

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 14 May 2013

Modified: 22 April 2026
KEV Added: 15 September 2022
Patch
CVSS Score (v3.1): 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.6585 (98.5th percentile)
Risk Priority: 76 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2013-2094 is a high-severity vulnerability of an unspecified weakness type in the Linux kernel (vendor: Linux). Its CVSS base score is 8.4 (High).

Operationally, it ranks in the top 1.5% of CVEs by exploit likelihood (EPSS); CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability is an integer type handling flaw in the perf_swevent_init function in kernel/events/core.c of the Linux kernel prior to version 3.8.9. It stems from the use of an incorrect integer data type when processing inputs to the perf_event_open system call, and it is tracked under CWE-189 with a CVSS score of 8.4.

Local users can exploit the issue by supplying a crafted perf_event_open call, resulting in privilege escalation that grants full control over the system, with impact on confidentiality, integrity, and availability.

Upstream remediation is provided by the referenced kernel commit, while distribution advisories for CentOS and openSUSE detail the availability of updated packages that address the flaw through backported fixes.

Vulnerability details

The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.

CWE(s): CWE-189
KEV Date Added: 15 September 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: linux
Product: linux kernel
Affected versions: ≤ 3.0.75 · 3.1 to 3.2.45 · 3.3 to 3.4.42

Mitigating Controls (NIST 800-53 r5)

prevent: Directly requires timely application of the upstream kernel patch that corrects the integer type flaw in perf_swevent_init.

prevent: Restricts local user privileges so that successful exploitation of the perf_event_open flaw cannot yield full root control.

prevent: Allows disabling or restricting the perf subsystem when not required, eliminating the attack surface exposed by the crafted system call.
