
V-156: Linux Kernel Array Bounds Checking Flaw Lets Local Users Gain Elevated Privileges

May 15, 2013 - 12:19am


PROBLEM:

Linux Kernel Array Bounds Checking Flaw Lets Local Users Gain Elevated Privileges

PLATFORM:

Version(s): 2.6.37 to 3.8.9

ABSTRACT:

A vulnerability was reported in the Linux Kernel.

REFERENCE LINKS:

Linux Kernel
SecurityTracker Alert ID: 1028565
CVE-2013-2094

IMPACT ASSESSMENT:

Medium

DISCUSSION:

On systems compiled with PERF_EVENTS support, a local user can supply a specially crafted perf_event_open() call to execute arbitrary code on the target system with root privileges.

The vulnerability resides in the perf_swevent_init() function in 'kernel/events/core.c'.
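A triage check for the two conditions this bulletin names, the 2.6.37 to 3.8.9 version range and PERF_EVENTS support, as an added example that is not part of the original bulletin. The function names, the `--host` switch and the result strings are assumptions made for illustration; the config file locations are the usual ones but vary by distribution.

```shell
#!/bin/sh
# Added example (not from the bulletin): flag hosts whose kernel release falls
# in the range listed under PLATFORM and whose config has CONFIG_PERF_EVENTS=y.

# Convert a release string such as "3.2.0-4-amd64" to an integer (3002000).
kver_to_int() {
    v=${1%%[!0-9.]*}              # drop suffixes such as "-4-amd64" or "rc8"
    old_ifs=$IFS; IFS=.
    set -- $v                     # split on dots into $1 $2 $3
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# True when the release lies in 2.6.37 .. 3.8.9 inclusive (bulletin range).
in_bulletin_range() {
    n=$(kver_to_int "$1")
    [ "$n" -ge 2006037 ] && [ "$n" -le 3008009 ]
}

# True when the kernel config supplied on stdin enables perf events.
perf_events_enabled() {
    grep -q '^CONFIG_PERF_EVENTS=y$'
}

# Classify a host from its release string ($1) and kernel config (stdin).
assess() {
    if ! in_bulletin_range "$1"; then
        echo "outside bulletin range"
    elif perf_events_enabled; then
        echo "in range, PERF_EVENTS=y"
    else
        echo "in range, PERF_EVENTS=y not found"
    fi
}

# Run the check against the local machine.
check_host() {
    rel=$(uname -r)
    if [ -r "/boot/config-$rel" ]; then
        cat "/boot/config-$rel"
    elif [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    fi | assess "$rel"
}

if [ "${1:-}" = "--host" ]; then check_host; fi
```

Distribution kernels backport both features and fixes without changing the upstream version number, so treat the result as a prompt to check the vendor's advisory for CVE-2013-2094 rather than as a final verdict.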

IMPACT:

A local user can obtain root privileges on the target system.

SOLUTION:

The vendor has issued a fix (3.8.9rc8).
