{"vuid":"VU#774103","idnumber":"774103","name":"Linux kernel perf_swevent_enabled array out-of-bound access privilege escalation vulnerability","keywords":["linux","kernel","perf_swevent_enabled","privilege escalation"],"overview":"The Linux kernel's Performance Events implementation is susceptible to an out-of-bounds array vulnerability that may be used by a local unprivileged user to escalate privileges.","clean_desc":"The Linux kernel's Performance Events implementation is susceptible to an out-of-bounds array vulnerability that may be used by a local unprivileged user to escalate privileges. Additional analysis of the vulnerability may be found in the Red Hat bug report. A public exploit is available that has been reported to work against some Linux distributions.","impact":"A local authenticated user may be able to exploit this vulnerability to escalate privileges.","resolution":"Apply an Update Red Hat, Debian, CentOS, and Ubuntu have all released patches. Users should receive the patches through their Linux distributions' normal update process. Affected Distributions\nRed Hat Enterprise Linux 6 & Red Hat Enterprise MRG 2\nCentOS 6\nDebian 7.0 (Wheezy)\nUbuntu 12.04 LTS, 12.10, 13.04\nOther distributions may be affected but were not confirmed at the time of publication.","workarounds":"If you are unable to upgrade, please consider the following workaround. Red Hat has provided mitigation advice in Red Hat Knowledge Solution 373743.","sysaffected":"","thanks":"Tommi Rantala \ndiscovered\n this vulnerability.","author":"This document was written by Jared Allar.","public":["https://rhn.redhat.com/errata/RHSA-2013-0830.html","http://www.debian.org/security/2013/dsa-2669","http://www.ubuntu.com/usn/usn-1825-1/","http://www.ubuntu.com/usn/usn-1826-1/","http://www.ubuntu.com/usn/usn-1827-1/","http://www.ubuntu.com/usn/usn-1828-1/","http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html","http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html","https://bugzilla.redhat.com/show_bug.cgi?id=962792","https://bugzilla.redhat.com/show_bug.cgi?id=962792#c16","https://bugzilla.redhat.com/show_bug.cgi?id=962799","http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b0a873ebbf87bf38bf70b5e39a7cadc96099fa13","http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/kernel/events/core.c?id=8176cced706b5e5d15887584150764894e94e02f","http://packetstormsecurity.com/files/121616/semtex.c","http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html","http://www.reddit.com/r/netsec/comments/1eb9iw/sdfucksheeporgs_semtexc_local_linux_root_exploit/c9ykrck"],"cveids":["CVE-2013-2094"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-05-14T18:55:01Z","publicdate":"2013-05-14T00:00:00Z","datefirstpublished":"2013-05-17T15:52:40Z","dateupdated":"2013-05-17T16:00:53Z","revision":28,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"L","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6.8","cvss_basevector":"AV:L/AC:L/Au:S/C:C/I:C/A:C","cvss_temporalscore":"5.9","cvss_environmentalscore":"4.4","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}