CVE-2013-2094
Published: 14 May 2013
Summary
CVE-2013-2094 is a high-severity vulnerability in the Linux kernel. Its CVSS base score is 8.4 (High).
Operationally, it is ranked in the top 1.5% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability is an integer type handling flaw in the perf_swevent_init function located in kernel/events/core.c of the Linux kernel prior to version 3.8.9. It stems from use of an incorrect data type when processing inputs to the perf_event_open system call and is tracked under CWE-189 with a CVSS score of 8.4.
Local users can exploit the issue by supplying a crafted perf_event_open call, resulting in privilege escalation that grants full control over the system with impacts to confidentiality, integrity, and availability.
Upstream remediation is provided by the referenced kernel commit, while distribution advisories for CentOS and openSUSE detail the availability of updated packages that address the flaw through backported fixes.
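The bug class described above, as an added example that is not kernel code: it models the flaw as a 64-bit config value narrowed to a signed int before an upper-bound-only check, next to the same check done at full unsigned width. The function names, the sample values and the SW_MAX table size are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define SW_MAX 9 /* constructed table size; stands in for the kernel's event-id limit */

/* Flawed pattern: the 64-bit value is narrowed to a signed int and only an
 * upper bound is checked. Values with bit 31 set become negative and pass,
 * and bits above 31 are silently dropped. Returns 1 if accepted. */
static int accepts_narrowed(uint64_t config)
{
    int event_id = (int)config; /* implementation-defined narrowing; wraps on gcc/clang */
    if (event_id >= SW_MAX)
        return 0;
    return 1; /* event_id may be negative here: unsafe as an array index */
}

/* Corrected pattern: keep the unsigned 64-bit type through the bounds check,
 * so every out-of-range value is rejected. Returns 1 if accepted. */
static int accepts_full_width(uint64_t config)
{
    uint64_t event_id = config;
    if (event_id >= SW_MAX)
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed inputs: in range, first out of range, bit 31 set,
     * all low 32 bits set, and a value whose high bits hide a small id. */
    const uint64_t samples[] = {
        0, 8, 9, 0x80000000ULL, 0xFFFFFFFFULL, 0x100000003ULL
    };
    size_t i;

    printf("%-14s %-9s %s\n", "config", "narrowed", "full-width");
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("0x%-12llx %-9s %s\n",
               (unsigned long long)samples[i],
               accepts_narrowed(samples[i]) ? "accept" : "reject",
               accepts_full_width(samples[i]) ? "accept" : "reject");
    return 0;
}
```

Both checks agree on 0, 8 and 9; they diverge only on the inputs that the narrowing conversion turns negative or truncates, which is why the flaw is invisible to tests that use ordinary event ids.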
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2013-2068
Vulnerability details
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
- CWE(s)
- KEV Date Added: 15 September 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly requires timely application of the upstream kernel patch that corrects the integer type flaw in perf_swevent_init.
Restricts local user privileges so that successful exploitation of the perf_event_open flaw cannot yield full root control.
Allows disabling or restricting the perf subsystem when not required, eliminating the attack surface exposed by the crafted system call.