Vulnerability Details: CVE-2013-4254
The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event.
Vulnerability category: Memory Corruption, Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-4254
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 %
CVSS scores for CVE-2013-4254
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C | 3.4 | 10.0 | NIST |
CWE ids for CVE-2013-4254
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4254
- http://www.ubuntu.com/usn/USN-1972-1
  USN-1972-1: Linux kernel vulnerabilities | Ubuntu security notices
- http://www.ubuntu.com/usn/USN-1973-1
  USN-1973-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu security notices
- http://www.ubuntu.com/usn/USN-1975-1
  USN-1975-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu security notices
- http://www.ubuntu.com/usn/USN-1970-1
  USN-1970-1: Linux kernel (Quantal HWE) vulnerabilities | Ubuntu security notices
- http://www.ubuntu.com/usn/USN-1974-1
  USN-1974-1: Linux kernel vulnerabilities | Ubuntu security notices
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c95eb3184ea1a3a2551df57190c81da695e2144b
- http://www.openwall.com/lists/oss-security/2013/08/16/6
  oss-security - Re: CVE Request: linux-kernel priviledge escalation on ARM/perf
- http://www.ubuntu.com/usn/USN-1969-1
  USN-1969-1: Linux kernel (OMAP4) vulnerabilities | Ubuntu security notices
- http://www.ubuntu.com/usn/USN-1968-1
  USN-1968-1: Linux kernel vulnerabilities | Ubuntu security notices
- http://www.ubuntu.com/usn/USN-1971-1
  USN-1971-1: Linux kernel (Raring HWE) vulnerabilities | Ubuntu security notices
- https://bugzilla.redhat.com/show_bug.cgi?id=998878
  998878 – (CVE-2013-4254) CVE-2013-4254 Kernel: ARM: perf: NULL pointer dereference in validate_event
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.8
- https://github.com/torvalds/linux/commit/c95eb3184ea1a3a2551df57190c81da695e2144b
  ARM: 7809/1: perf: fix event validation for software group leaders · torvalds/linux@c95eb31 · GitHub (Patch)
Products affected by CVE-2013-4254
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:arm64:*
- cpe:2.3:o:linux:linux_kernel:3.10.4:*:*:*:*:*:arm64:*
- cpe:2.3:o:linux:linux_kernel:3.10.5:*:*:*:*:*:arm64:*
- cpe:2.3:o:linux:linux_kernel:3.10.6:*:*:*:*:*:arm64:*
- cpe:2.3:o:linux:linux_kernel:3.10.0:*:*:*:*:*:arm64:*
- cpe:2.3:o:linux:linux_kernel:3.10.1:*:*:*:*:*:arm64:*
- cpe:2.3:o:linux:linux_kernel:3.10.2:*:*:*:*:*:arm64:*
- cpe:2.3:o:linux:linux_kernel:3.10.3:*:*:*:*:*:arm64:*