CVE-2013-4254

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event.

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c95eb3184ea1a3a2551df57190c81da695e2144b

http://secunia.com/advisories/54494

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.8

http://www.openwall.com/lists/oss-security/2013/08/16/6

http://www.ubuntu.com/usn/USN-1968-1

http://www.ubuntu.com/usn/USN-1969-1

http://www.ubuntu.com/usn/USN-1970-1

http://www.ubuntu.com/usn/USN-1971-1

http://www.ubuntu.com/usn/USN-1972-1

http://www.ubuntu.com/usn/USN-1973-1

http://www.ubuntu.com/usn/USN-1974-1

http://www.ubuntu.com/usn/USN-1975-1

https://bugzilla.redhat.com/show_bug.cgi?id=998878

https://github.com/torvalds/linux/commit/c95eb3184ea1a3a2551df57190c81da695e2144b

Details

Source: MITRE

Published: 2013-08-25

Updated: 2013-10-02

Type: CWE-20

Risk Information

CVSS v2

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM

Tenable Plugins

View all (9 total)

IDNameProductFamilySeverity
75364openSUSE Security Update : kernel (openSUSE-SU-2014:0677-1)NessusSuSE Local Security Checks
high
70194Ubuntu 13.04 : linux vulnerabilities (USN-1974-1)NessusUbuntu Local Security Checks
medium
70193Ubuntu 12.10 : linux vulnerabilities (USN-1972-1)NessusUbuntu Local Security Checks
medium
70192Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-1971-1)NessusUbuntu Local Security Checks
medium
70191Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-1970-1)NessusUbuntu Local Security Checks
medium
70190Ubuntu 12.04 LTS : linux vulnerabilities (USN-1968-1)NessusUbuntu Local Security Checks
medium
70162Mandriva Linux Security Advisory : kernel (MDVSA-2013:242)NessusMandriva Local Security Checks
medium
69452Fedora 19 : kernel-3.10.9-200.fc19 (2013-15198)NessusFedora Local Security Checks
medium
69451Fedora 18 : kernel-3.10.9-100.fc18 (2013-15151)NessusFedora Local Security Checks
medium