CVE-2013-4254

The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event.

From the Ubuntu Security Team

Vince Weaver discovered a flaw in the perf subsystem of the Linux kernel on ARM platforms. A local user could exploit this flaw to gain privileges or cause a denial of service (system crash).

• How can I get the fixes?
• What do statuses mean?
• Patch details

References

• MITRE
• NVD
• Launchpad
• Debian

Related Ubuntu Security Notices (USN)

• USN-1968-1
• Linux kernel vulnerabilities
• 27 September 2013
• USN-1969-1
• Linux kernel (OMAP4) vulnerabilities
• 27 September 2013
• USN-1974-1
• Linux kernel vulnerabilities
• 27 September 2013
• USN-1973-1
• Linux kernel (OMAP4) vulnerabilities
• 27 September 2013
• USN-1971-1
• Linux kernel (Raring HWE) vulnerabilities
• 27 September 2013
• USN-1970-1
• Linux kernel (Quantal HWE) vulnerabilities
• 27 September 2013
• USN-1975-1
• Linux kernel (OMAP4) vulnerabilities
• 27 September 2013
• USN-1972-1
• Linux kernel vulnerabilities
• 27 September 2013

Other references

• http://www.openwall.com/lists/oss-security/2013/08/16/5
• http://www.arm.linux.org.uk/developer/patches/viewpatch.php?id=7809/1
• https://www.cve.org/CVERecord?id=CVE-2013-4254