CVE-2013-4254

Published Aug 25, 2013

Last updated 2 years ago

Overview

Description: The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-20

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "FEDB8FE7-327F-45FB-8C4B-9D17B22CC444",
            "versionEndIncluding": "3.10.7"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:3.10.0:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "C8409226-20A1-4549-9E11-6D0C3C38DCCE"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:3.10.1:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "77482843-364E-471F-A909-F373376FAEF5"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:3.10.2:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "7E0221EF-13B8-42A2-8CEB-B95BDA2A2F5F"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:3.10.3:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "4F8A1100-F68D-4352-AB8D-B40AD97AE0EC"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:3.10.4:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "991EF15A-B6DD-4D7F-87B5-144ED86642DF"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:3.10.5:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "DDA334EC-14D7-4220-ABBE-6D091A4EE374"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:3.10.6:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "A76A48F9-591E-4884-B758-A8E438ECC9C1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References