Linux Kernel Array Bounds Checking Flaw Lets Local Users Gain Elevated Privileges
Version(s): 2.6.37 to 3.8.9
A vulnerability was reported in the Linux Kernel.
On systems compiled with PERF_EVENTS support, a local user can supply a specially crafted perf_event_open() call to execute arbitrary code on the target system with root privileges.
The vulnerability resides in the perf_swevent_init() function in 'kernel/events/core.c'.
A local user can obtain root privileges on the target system.