CVE-2013-2094

Public on 2013-05-14
Modified on 2014-09-15
Description

The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.

Severity
Important
See what this means
CVSS v3 Base Score
7.2
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 kernel 2013-05-14 ALAS-2013-190

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C
NVD CVSSv2 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C