CVE-2013-2094 — Linux Kernel Privilege Escalation Vulnerability
2022-09-15 • CISA Known Exploited Vulnerability
[event] Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Explotation allows for privilege escalation.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Linux |
| Product | Kernel |
| CWE | CWE-189 |
| CVE ID | CVE-2013-2094 |
| Date Added | 2022-09-15 |
| Due Date | 2022-10-06 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-10-06