A vulnerability was discovered using fuzzing in linux kernels 2.6.37 till 3.8.9. The vulenrability requires the kernel to be compiled with PERF_EVENTS, but unfortunately that seems the case for quite some linux distributions. CentOS even backported the vulnerability to 2.6.32.
Impact is local privilege escalation, and exploit code is readily available.
More information: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2094
Hat tip: James for sending us some pointers to this.
May 14th 2013
6 years ago