VDB
DEBIAN-CVE-2013-2094
DEBIAN-CVE-2013-2094
PUBLISHED
CVSS 8.399999618530273 HIGH
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
Risk Scores
CVSS 3.1
8.399999618530273
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | linux | 0, 0, 0 |
| Debian:11 | linux | 0, 0, 0 |
| Debian:14 | linux | 0, 0, 0 |
| Debian:12 | linux | 0, 0, 0 |
Exploit Intelligence
- letsr00t/CVE-2013-2094 (github-poc)
- perf_swevent_init (github-poc)
- CVE-2013-2094 kernel exploit for i386 (github-poc)
- tarunyadav/fix-cve-2013-2094 (github-poc)
- CVE-2013-2094 Linux 2.6.32/2.6.37 - 3.8.10 PERF_EVENTS local root x86/x86_64 (github-poc)
- CVE-2013-2094 exploit for android (github-poc)
- original cve-2013-2094 exploit and a rewritten version for educational purposes (github-poc)
- kev.json (github-poc)
- data.js (github-poc)
Timeline
- May 14, 2013 CVE Published
- Apr 28, 2026 CVE Updated