CVE-2013-2094 kernel: perf_swevent_enabled array out-of-bound access
A flaw was found in the way index into perf_swevent_enabled array was sanitized.
A local unprivileged user can use this flaw to increase their privileges on the system.
Introduced by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b0a873ebbf87bf38bf70b5e39a7cadc96099fa13
Upstream fix:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8176cced706b5e5d15887584150764894e94e02f
References:
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html
https://news.ycombinator.com/item?id=5703758
http://packetstormsecurity.com/files/121616/semtex.c
(from redmine: issue id 1859, created on 2013-05-15, closed on 2013-05-16)
- Relations:
- child #1860 (closed)
- child #1861 (closed)
- child #1862 (closed)
- child #1863 (closed)
- child #1871 (closed)
- child #1872 (closed)
- child #1873 (closed)
- child #1874 (closed)