Vulnerability Note VU#774103

Linux kernel perf_swevent_enabled array out-of-bound access privilege escalation vulnerability

Original Release date: 17 May 2013 | Last revised: 17 May 2013

Overview

The Linux kernel's Performance Events implementation is susceptible to an out-of-bounds array vulnerability that may be used by a local unprivileged user to escalate privileges.

Description

The Linux kernel's Performance Events implementation is susceptible to an out-of-bounds array vulnerability that may be used by a local unprivileged user to escalate privileges. Additional analysis of the vulnerability may be found in the Red Hat bug report. A public exploit is available that has been reported to work against some Linux distributions.

Impact

A local authenticated user may be able to exploit this vulnerability to escalate privileges.

Solution

Apply an Update

Red Hat, Debian, CentOS, and Ubuntu have all released patches. Users should receive the patches through their Linux distributions' normal update process.

Affected Distributions

  • Red Hat Enterprise Linux 6 & Red Hat Enterprise MRG 2
  • CentOS 6
  • Debian 7.0 (Wheezy)
  • Ubuntu 12.04 LTS, 12.10, 13.04
Other distributions may be affected but were not confirmed at the time of publication.

If you are unable to upgrade, please consider the following workaround.

Red Hat has provided mitigation advice in Red Hat Knowledge Solution 373743.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
CentOSAffected-17 May 2013
Debian GNU/LinuxAffected-17 May 2013
Red Hat, Inc.Affected-17 May 2013
UbuntuAffected-17 May 2013
Fedora ProjectUnknown-17 May 2013
Slackware Linux Inc.Unknown-17 May 2013
SUSE LinuxUnknown-17 May 2013
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C
Temporal 5.9 E:ND/RL:OF/RC:C
Environmental 4.4 CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

References

Credit

Tommi Rantala discovered this vulnerability.

This document was written by Jared Allar.

Other Information

  • CVE IDs: CVE-2013-2094
  • Date Public: 14 May 2013
  • Date First Published: 17 May 2013
  • Date Last Updated: 17 May 2013
  • Document Revision: 26

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.