CVE-2013-2094
Detail
Description
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
Metrics
β
NVD enrichment efforts reference publicly available information to associate
vector strings. CVSS information contributed by other sources is also
displayed.
CVSS 4.0 Severity and Vector Strings:
NVD assessment
not yet provided.
CVSS 3.x Severity and Vector Strings:
Base
Score:
NVD assessment
not yet provided.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0 Severity and Vector Strings:
Vector:
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace.
We have provided these links to other web sites because they
may have information that would be of interest to you. No
inferences should be drawn on account of other sites being
referenced, or not, from this page. There may be other web
sites that are more appropriate for your purpose. NIST does
not necessarily endorse the views expressed, or concur with
the facts presented on these sites. Further, NIST does not
endorse any commercial products that may be mentioned on
these sites. Please address comments about this page to [email protected].
| URL |
Source(s) |
Tag(s) |
|
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f
|
CVE, Inc., Red Hat |
Not Applicable
|
|
http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html
|
CVE, Inc., Red Hat |
Third Party Advisory
VDB Entry
|
|
http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html
|
CVE, Inc., Red Hat |
Third Party Advisory
VDB Entry
|
|
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html
|
CVE, Inc., Red Hat |
Third Party Advisory
VDB Entry
|
|
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html
|
CVE, Inc., Red Hat |
Third Party Advisory
VDB Entry
|
|
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
|
CVE, Inc., Red Hat |
Third Party Advisory
VDB Entry
|
|
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html
|
CVE, Inc., Red Hat |
Third Party Advisory
VDB Entry
|
|
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html
|
CVE, Inc., Red Hat |
Third Party Advisory
VDB Entry
|
|
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html
|
CVE, Inc., Red Hat |
Third Party Advisory
VDB Entry
|
|
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html
|
CVE, Inc., Red Hat |
Third Party Advisory
VDB Entry
|
|
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html
|
CVE, Inc., Red Hat |
Third Party Advisory
|
|
http://news.ycombinator.com/item?id=5703758
|
CVE, Inc., Red Hat |
Third Party Advisory
|
|
http://packetstormsecurity.com/files/121616/semtex.c
|
CVE, Inc., Red Hat |
Exploit
Third Party Advisory
VDB Entry
|
|
http://rhn.redhat.com/errata/RHSA-2013-0830.html
|
CVE, Inc., Red Hat |
Third Party Advisory
|
|
http://twitter.com/djrbliss/statuses/334301992648331267
|
CVE, Inc., Red Hat |
Patch
|
|
http://www.exploit-db.com/exploits/33589
|
CVE, Inc., Red Hat |
Third Party Advisory
VDB Entry
|
|
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9
|
CVE, Inc., Red Hat |
Not Applicable
|
|
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
|
CVE, Inc., Red Hat |
Mailing List
Third Party Advisory
|
|
http://www.openwall.com/lists/oss-security/2013/05/14/6
|
CVE, Inc., Red Hat |
Mailing List
Third Party Advisory
|
|
http://www.osvdb.org/93361
|
CVE, Inc., Red Hat |
Broken Link
|
|
http://www.reddit.com/r/netsec/comments/1eb9iw
|
CVE, Inc., Red Hat |
Third Party Advisory
|
|
http://www.ubuntu.com/usn/USN-1825-1
|
CVE, Inc., Red Hat |
Third Party Advisory
|
|
http://www.ubuntu.com/usn/USN-1826-1
|
CVE, Inc., Red Hat |
Third Party Advisory
|
|
http://www.ubuntu.com/usn/USN-1827-1
|
CVE, Inc., Red Hat |
Third Party Advisory
|
|
http://www.ubuntu.com/usn/USN-1828-1
|
CVE, Inc., Red Hat |
Third Party Advisory
|
|
http://www.ubuntu.com/usn/USN-1836-1
|
CVE, Inc., Red Hat |
Third Party Advisory
|
|
http://www.ubuntu.com/usn/USN-1838-1
|
CVE, Inc., Red Hat |
Third Party Advisory
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=962792
|
CVE, Inc., Red Hat |
Issue Tracking
|
|
https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f
|
CVE, Inc., Red Hat |
Third Party Advisory
|
|
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2094
|
CISA-ADP |
US Government Resource
|
This CVE is in CISA's Known Exploited Vulnerabilities Catalog
Reference
CISA's BOD 22-01 and Known
Exploited Vulnerabilities Catalog for further guidance and requirements.
| Vulnerability Name |
Date Added |
Due Date |
Required Action |
| Linux Kernel Privilege Escalation Vulnerability |
09/15/2022 |
10/06/2022 |
Apply updates per vendor instructions. |
Change History
17 change records found show changes
CVE Modified by CISA-ADP
6/16/2026 7:52:44 PM
| Action |
Type |
Old Value |
New Value |
| Added |
SSVC |
{"timestamp":"2025-05-01T03:55:11.896804Z","id":"CVE-2013-2094","options":[{"exploitation":"active"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}
|
CVE Modified by Red Hat, Inc.
6/16/2026 7:52:44 PM
| Action |
Type |
Old Value |
New Value |
| Added |
Affected |
[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}]
|
Modified Analysis by NIST
4/22/2026 10:38:13 AM
| Action |
Type |
Old Value |
New Value |
| Added |
Reference Type |
CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2094 Types: US Government Resource
|
CVE Modified by CISA-ADP
10/21/2025 9:15:48 PM
| Action |
Type |
Old Value |
New Value |
| Added |
Reference |
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2094
|
CVE Modified by CISA-ADP
10/21/2025 4:16:04 PM
| Action |
Type |
Old Value |
New Value |
| Removed |
Reference |
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2094
|
CVE Modified by CISA-ADP
10/21/2025 3:16:09 PM
| Action |
Type |
Old Value |
New Value |
| Added |
Reference |
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2094
|
Modified Analysis by NIST
4/03/2025 1:59:15 PM
| Action |
Type |
Old Value |
New Value |
CVE Modified by CISA-ADP
2/04/2025 3:15:31 PM
| Action |
Type |
Old Value |
New Value |
| Added |
CVSS V3.1 |
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
Modified Analysis by NIST
12/19/2024 1:30:26 PM
| Action |
Type |
Old Value |
New Value |
CVE Modified by CVE
11/20/2024 8:51:01 PM
| Action |
Type |
Old Value |
New Value |
| Added |
Reference |
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f
|
| Added |
Reference |
http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html
|
| Added |
Reference |
http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html
|
| Added |
Reference |
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html
|
| Added |
Reference |
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html
|
| Added |
Reference |
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
|
| Added |
Reference |
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html
|
| Added |
Reference |
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html
|
| Added |
Reference |
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html
|
| Added |
Reference |
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html
|
| Added |
Reference |
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html
|
| Added |
Reference |
http://news.ycombinator.com/item?id=5703758
|
| Added |
Reference |
http://packetstormsecurity.com/files/121616/semtex.c
|
| Added |
Reference |
http://rhn.redhat.com/errata/RHSA-2013-0830.html
|
| Added |
Reference |
http://twitter.com/djrbliss/statuses/334301992648331267
|
| Added |
Reference |
http://www.exploit-db.com/exploits/33589
|
| Added |
Reference |
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9
|
| Added |
Reference |
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
|
| Added |
Reference |
http://www.openwall.com/lists/oss-security/2013/05/14/6
|
| Added |
Reference |
http://www.osvdb.org/93361
|
| Added |
Reference |
http://www.reddit.com/r/netsec/comments/1eb9iw
|
| Added |
Reference |
http://www.ubuntu.com/usn/USN-1825-1
|
| Added |
Reference |
http://www.ubuntu.com/usn/USN-1826-1
|
| Added |
Reference |
http://www.ubuntu.com/usn/USN-1827-1
|
| Added |
Reference |
http://www.ubuntu.com/usn/USN-1828-1
|
| Added |
Reference |
http://www.ubuntu.com/usn/USN-1836-1
|
| Added |
Reference |
http://www.ubuntu.com/usn/USN-1838-1
|
| Added |
Reference |
https://bugzilla.redhat.com/show_bug.cgi?id=962792
|
| Added |
Reference |
https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f
|
CVE Modified by Red Hat, Inc.
5/13/2024 10:55:07 PM
| Action |
Type |
Old Value |
New Value |
Reanalysis by NIST
3/04/2024 5:58:17 PM
| Action |
Type |
Old Value |
New Value |
| Changed |
CPE Configuration |
OR
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (excluding) 3.0.75
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.1 up to (excluding) 3.2.45
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.3 up to (excluding) 3.4.42
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.5 up to (excluding) 3.8.9
|
OR
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.75
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.1 up to (excluding) 3.2.45
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.3 up to (excluding) 3.4.42
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.5 up to (excluding) 3.8.9
|
Modified Analysis by NIST
2/15/2024 1:55:06 PM
| Action |
Type |
Old Value |
New Value |
| Changed |
CPE Configuration |
OR
*cpe:2.3:o:linux:linux_kernel:3.8.0:*:*:*:*:*:*:*
*cpe:2.3:o:linux:linux_kernel:3.8.1:*:*:*:*:*:*:*
*cpe:2.3:o:linux:linux_kernel:3.8.2:*:*:*:*:*:*:*
*cpe:2.3:o:linux:linux_kernel:3.8.3:*:*:*:*:*:*:*
*cpe:2.3:o:linux:linux_kernel:3.8.4:*:*:*:*:*:*:*
*cpe:2.3:o:linux:linux_kernel:3.8.5:*:*:*:*:*:*:*
*cpe:2.3:o:linux:linux_kernel:3.8.6:*:*:*:*:*:*:*
*cpe:2.3:o:linux:linux_kernel:3.8.7:*:*:*:*:*:*:*
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to (including) 3.8.8
|
OR
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (excluding) 3.0.75
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.1 up to (excluding) 3.2.45
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.3 up to (excluding) 3.4.42
*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 3.5 up to (excluding) 3.8.9
|
| Changed |
Reference Type |
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f No Types Assigned
|
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f Not Applicable
|
| Changed |
Reference Type |
http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html No Types Assigned
|
http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html Third Party Advisory, VDB Entry
|
| Changed |
Reference Type |
http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html No Types Assigned
|
http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html Third Party Advisory, VDB Entry
|
| Changed |
Reference Type |
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html No Types Assigned
|
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html Third Party Advisory, VDB Entry
|
| Changed |
Reference Type |
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html No Types Assigned
|
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html Third Party Advisory, VDB Entry
|
| Changed |
Reference Type |
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html No Types Assigned
|
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html Third Party Advisory, VDB Entry
|
| Changed |
Reference Type |
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html No Types Assigned
|
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html Third Party Advisory, VDB Entry
|
| Changed |
Reference Type |
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html No Types Assigned
|
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html Third Party Advisory, VDB Entry
|
| Changed |
Reference Type |
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html No Types Assigned
|
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html Third Party Advisory, VDB Entry
|
| Changed |
Reference Type |
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html No Types Assigned
|
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html Third Party Advisory, VDB Entry
|
| Changed |
Reference Type |
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html No Types Assigned
|
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html Third Party Advisory
|
| Changed |
Reference Type |
http://news.ycombinator.com/item?id=5703758 No Types Assigned
|
http://news.ycombinator.com/item?id=5703758 Third Party Advisory
|
| Changed |
Reference Type |
http://packetstormsecurity.com/files/121616/semtex.c Exploit
|
http://packetstormsecurity.com/files/121616/semtex.c Exploit, Third Party Advisory, VDB Entry
|
| Changed |
Reference Type |
http://rhn.redhat.com/errata/RHSA-2013-0830.html No Types Assigned
|
http://rhn.redhat.com/errata/RHSA-2013-0830.html Third Party Advisory
|
| Changed |
Reference Type |
http://www.exploit-db.com/exploits/33589 No Types Assigned
|
http://www.exploit-db.com/exploits/33589 Third Party Advisory, VDB Entry
|
| Changed |
Reference Type |
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9 No Types Assigned
|
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9 Not Applicable
|
| Changed |
Reference Type |
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 No Types Assigned
|
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 Mailing List, Third Party Advisory
|
| Changed |
Reference Type |
http://www.openwall.com/lists/oss-security/2013/05/14/6 No Types Assigned
|
http://www.openwall.com/lists/oss-security/2013/05/14/6 Mailing List, Third Party Advisory
|
| Changed |
Reference Type |
http://www.osvdb.org/93361 No Types Assigned
|
http://www.osvdb.org/93361 Broken Link
|
| Changed |
Reference Type |
http://www.reddit.com/r/netsec/comments/1eb9iw No Types Assigned
|
http://www.reddit.com/r/netsec/comments/1eb9iw Third Party Advisory
|
| Changed |
Reference Type |
http://www.ubuntu.com/usn/USN-1825-1 No Types Assigned
|
http://www.ubuntu.com/usn/USN-1825-1 Third Party Advisory
|
| Changed |
Reference Type |
http://www.ubuntu.com/usn/USN-1826-1 No Types Assigned
|
http://www.ubuntu.com/usn/USN-1826-1 Third Party Advisory
|
| Changed |
Reference Type |
http://www.ubuntu.com/usn/USN-1827-1 No Types Assigned
|
http://www.ubuntu.com/usn/USN-1827-1 Third Party Advisory
|
| Changed |
Reference Type |
http://www.ubuntu.com/usn/USN-1828-1 No Types Assigned
|
http://www.ubuntu.com/usn/USN-1828-1 Third Party Advisory
|
| Changed |
Reference Type |
http://www.ubuntu.com/usn/USN-1836-1 No Types Assigned
|
http://www.ubuntu.com/usn/USN-1836-1 Third Party Advisory
|
| Changed |
Reference Type |
http://www.ubuntu.com/usn/USN-1838-1 No Types Assigned
|
http://www.ubuntu.com/usn/USN-1838-1 Third Party Advisory
|
| Changed |
Reference Type |
https://bugzilla.redhat.com/show_bug.cgi?id=962792 No Types Assigned
|
https://bugzilla.redhat.com/show_bug.cgi?id=962792 Issue Tracking
|
| Changed |
Reference Type |
https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f No Types Assigned
|
https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f Third Party Advisory
|
CVE Modified by Red Hat, Inc.
2/12/2023 11:42:49 PM
| Action |
Type |
Old Value |
New Value |
| Changed |
Description |
CVE-2013-2094 kernel: perf_swevent_enabled array out-of-bound access
|
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
|
| Removed |
CVSS V2 |
Red Hat, Inc. (AV:L/AC:L/Au:N/C:C/I:C/A:C)
|
| Removed |
Reference |
https://access.redhat.com/errata/RHSA-2013:0829 [No Types Assigned]
|
| Removed |
Reference |
https://access.redhat.com/errata/RHSA-2013:0830 [No Types Assigned]
|
| Removed |
Reference |
https://access.redhat.com/errata/RHSA-2013:0832 [No Types Assigned]
|
| Removed |
Reference |
https://access.redhat.com/errata/RHSA-2013:0840 [No Types Assigned]
|
| Removed |
Reference |
https://access.redhat.com/errata/RHSA-2013:0841 [No Types Assigned]
|
| Removed |
Reference |
https://access.redhat.com/security/cve/CVE-2013-2094 [No Types Assigned]
|
CVE Modified by Red Hat, Inc.
2/02/2023 1:17:34 PM
| Action |
Type |
Old Value |
New Value |
| Changed |
Description |
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
|
CVE-2013-2094 kernel: perf_swevent_enabled array out-of-bound access
|
| Added |
CVSS V2 |
Red Hat, Inc. (AV:L/AC:L/Au:N/C:C/I:C/A:C)
|
| Added |
Reference |
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f [No Types Assigned]
|
| Added |
Reference |
https://access.redhat.com/errata/RHSA-2013:0829 [No Types Assigned]
|
| Added |
Reference |
https://access.redhat.com/errata/RHSA-2013:0830 [No Types Assigned]
|
| Added |
Reference |
https://access.redhat.com/errata/RHSA-2013:0832 [No Types Assigned]
|
| Added |
Reference |
https://access.redhat.com/errata/RHSA-2013:0840 [No Types Assigned]
|
| Added |
Reference |
https://access.redhat.com/errata/RHSA-2013:0841 [No Types Assigned]
|
| Added |
Reference |
https://access.redhat.com/security/cve/CVE-2013-2094 [No Types Assigned]
|
| Removed |
Reference |
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8176cced706b5e5d15887584150764894e94e02f [Patch]
|
CVE Modified by Red Hat, Inc.
1/06/2017 9:59:10 PM
| Action |
Type |
Old Value |
New Value |
| Added |
Reference |
http://www.exploit-db.com/exploits/33589 [No Types Assigned]
|
| Added |
Reference |
http://www.osvdb.org/93361 [No Types Assigned]
|
Initial CVE Analysis
5/14/2013 7:31:00 PM
| Action |
Type |
Old Value |
New Value |
Quick Info
CVE Dictionary Entry: CVE-2013-2094 NVD
Published Date: 05/14/2013 NVD
Last Modified: 06/16/2026
Source: Red Hat, Inc.
|
