6.9

CVE-2013-4254

The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel HwPlatformarm64 Version <= 3.10.7
LinuxLinux Kernel Version3.10.0 HwPlatformarm64
LinuxLinux Kernel Version3.10.1 HwPlatformarm64
LinuxLinux Kernel Version3.10.2 HwPlatformarm64
LinuxLinux Kernel Version3.10.3 HwPlatformarm64
LinuxLinux Kernel Version3.10.4 HwPlatformarm64
LinuxLinux Kernel Version3.10.5 HwPlatformarm64
LinuxLinux Kernel Version3.10.6 HwPlatformarm64
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.339
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.ubuntu.com/usn/USN-1968-1
http://www.ubuntu.com/usn/USN-1969-1
http://www.ubuntu.com/usn/USN-1970-1
http://www.ubuntu.com/usn/USN-1972-1
http://www.ubuntu.com/usn/USN-1973-1
http://www.ubuntu.com/usn/USN-1975-1
http://www.ubuntu.com/usn/USN-1971-1
http://www.ubuntu.com/usn/USN-1974-1
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=c95eb3184ea1a3a2551df57190c81da695e2144b
http://secunia.com/advisories/54494
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.8
http://www.openwall.com/lists/oss-security/2013/08/16/6
https://bugzilla.redhat.com/show_bug.cgi?id=998878
https://github.com/torvalds/linux/commit/c95eb3184ea1a3a2551df57190c81da695e2144b
Patch