Launchpad.net

CVE 2013-2930

The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application.

Related bugs and status

CVE-2013-2930 (Candidate) is related to these bugs:

Bug #1260613: CVE-2013-2930

		In	Importance	Status
1260613	CVE-2013-2930	linux (Ubuntu)	Medium	Invalid
1260613	CVE-2013-2930	linux-fsl-imx51 (Ubuntu)	Medium	Invalid
1260613	CVE-2013-2930	linux-mvl-dove (Ubuntu)	Medium	Invalid
1260613	CVE-2013-2930	linux-lts-backport-maverick (Ubuntu)	Undecided	Won't Fix
1260613	CVE-2013-2930	linux-lts-backport-natty (Ubuntu)	Undecided	Won't Fix
1260613	CVE-2013-2930	linux-ti-omap4 (Ubuntu)	Medium	Invalid
1260613	CVE-2013-2930	linux-ec2 (Ubuntu)	Medium	Invalid
1260613	CVE-2013-2930	linux (Ubuntu Trusty)	Medium	Invalid
1260613	CVE-2013-2930	linux-ec2 (Ubuntu Trusty)	Medium	Invalid
1260613	CVE-2013-2930	linux-fsl-imx51 (Ubuntu Trusty)	Medium	Invalid
1260613	CVE-2013-2930	linux-lts-backport-maverick (Ubuntu Trusty)	Undecided	Won't Fix
1260613	CVE-2013-2930	linux-lts-backport-natty (Ubuntu Trusty)	Undecided	Won't Fix
1260613	CVE-2013-2930	linux-mvl-dove (Ubuntu Trusty)	Medium	Invalid
1260613	CVE-2013-2930	linux-ti-omap4 (Ubuntu Trusty)	Medium	Invalid
1260613	CVE-2013-2930	linux-lts-backport-maverick (Ubuntu Saucy)	Undecided	Won't Fix
1260613	CVE-2013-2930	linux-lts-backport-natty (Ubuntu Saucy)	Undecided	Won't Fix
1260613	CVE-2013-2930	linux-lts-backport-maverick (Ubuntu Raring)	Undecided	Won't Fix
1260613	CVE-2013-2930	linux-lts-backport-natty (Ubuntu Raring)	Undecided	Won't Fix
1260613	CVE-2013-2930	linux-lts-backport-maverick (Ubuntu Quantal)	Undecided	Won't Fix
1260613	CVE-2013-2930	linux-lts-backport-natty (Ubuntu Quantal)	Undecided	Won't Fix
1260613	CVE-2013-2930	linux (Ubuntu Precise)	Medium	Invalid
1260613	CVE-2013-2930	linux-ec2 (Ubuntu Precise)	Medium	Invalid
1260613	CVE-2013-2930	linux-fsl-imx51 (Ubuntu Precise)	Medium	Invalid
1260613	CVE-2013-2930	linux-lts-backport-maverick (Ubuntu Precise)	Undecided	Won't Fix
1260613	CVE-2013-2930	linux-lts-backport-natty (Ubuntu Precise)	Undecided	Won't Fix
1260613	CVE-2013-2930	linux-mvl-dove (Ubuntu Precise)	Medium	Invalid
1260613	CVE-2013-2930	linux-ti-omap4 (Ubuntu Precise)	Medium	Invalid
1260613	CVE-2013-2930	linux-lts-backport-maverick (Ubuntu Lucid)	Undecided	Won't Fix
1260613	CVE-2013-2930	linux-lts-backport-natty (Ubuntu Lucid)	Undecided	Won't Fix
1260613	CVE-2013-2930	linux-armadaxp (Ubuntu)	Medium	Invalid
1260613	CVE-2013-2930	linux-armadaxp (Ubuntu Precise)	Medium	Invalid
1260613	CVE-2013-2930	linux-armadaxp (Ubuntu Trusty)	Medium	Invalid
1260613	CVE-2013-2930	linux-lts-saucy (Ubuntu)	Medium	Invalid
1260613	CVE-2013-2930	linux-lts-saucy (Ubuntu Precise)	Medium	Fix Released
1260613	CVE-2013-2930	linux-lts-saucy (Ubuntu Trusty)	Medium	Invalid
1260613	CVE-2013-2930	linux-lts-quantal (Ubuntu)	Medium	Invalid
1260613	CVE-2013-2930	linux-lts-quantal (Ubuntu Precise)	Medium	Fix Released
1260613	CVE-2013-2930	linux-lts-quantal (Ubuntu Trusty)	Medium	Invalid
1260613	CVE-2013-2930	linux-lts-raring (Ubuntu)	Medium	Invalid
1260613	CVE-2013-2930	linux-lts-raring (Ubuntu Precise)	Medium	Fix Released
1260613	CVE-2013-2930	linux-lts-raring (Ubuntu Trusty)	Medium	Invalid
1260613	CVE-2013-2930	linux-lts-backport-maverick (Ubuntu Utopic)	Undecided	Won't Fix
1260613	CVE-2013-2930	linux-lts-backport-natty (Ubuntu Utopic)	Undecided	Won't Fix
1260613	CVE-2013-2930	linux-lts-trusty (Ubuntu)	Medium	Invalid
1260613	CVE-2013-2930	linux-lts-trusty (Ubuntu Precise)	Medium	Invalid
1260613	CVE-2013-2930	linux-lts-trusty (Ubuntu Trusty)	Medium	Invalid
1260613	CVE-2013-2930	linux (Ubuntu Vivid)	Medium	Invalid
1260613	CVE-2013-2930	linux-armadaxp (Ubuntu Vivid)	Medium	Invalid
1260613	CVE-2013-2930	linux-ec2 (Ubuntu Vivid)	Medium	Invalid
1260613	CVE-2013-2930	linux-fsl-imx51 (Ubuntu Vivid)	Medium	Invalid
1260613	CVE-2013-2930	linux-lts-backport-maverick (Ubuntu Vivid)	Undecided	Won't Fix
1260613	CVE-2013-2930	linux-lts-backport-natty (Ubuntu Vivid)	Undecided	Won't Fix
1260613	CVE-2013-2930	linux-lts-quantal (Ubuntu Vivid)	Medium	Invalid
1260613	CVE-2013-2930	linux-lts-raring (Ubuntu Vivid)	Medium	Invalid
1260613	CVE-2013-2930	linux-lts-saucy (Ubuntu Vivid)	Medium	Invalid
1260613	CVE-2013-2930	linux-lts-trusty (Ubuntu Vivid)	Medium	Invalid
1260613	CVE-2013-2930	linux-mvl-dove (Ubuntu Vivid)	Medium	Invalid
1260613	CVE-2013-2930	linux-ti-omap4 (Ubuntu Vivid)	Medium	Invalid
1260613	CVE-2013-2930	linux-goldfish (Ubuntu)	Medium	New
1260613	CVE-2013-2930	linux-goldfish (Ubuntu Precise)	Medium	Invalid
1260613	CVE-2013-2930	linux-goldfish (Ubuntu Trusty)	Medium	Invalid
1260613	CVE-2013-2930	linux-goldfish (Ubuntu Vivid)	Medium	Won't Fix
1260613	CVE-2013-2930	linux-flo (Ubuntu)	Medium	New
1260613	CVE-2013-2930	linux-flo (Ubuntu Precise)	Medium	Invalid
1260613	CVE-2013-2930	linux-flo (Ubuntu Trusty)	Medium	Invalid
1260613	CVE-2013-2930	linux-flo (Ubuntu Vivid)	Medium	Won't Fix
1260613	CVE-2013-2930	linux-mako (Ubuntu)	Medium	New
1260613	CVE-2013-2930	linux-mako (Ubuntu Precise)	Medium	Invalid
1260613	CVE-2013-2930	linux-mako (Ubuntu Trusty)	Medium	Invalid
1260613	CVE-2013-2930	linux-mako (Ubuntu Vivid)	Medium	Won't Fix
1260613	CVE-2013-2930	linux-lts-utopic (Ubuntu)	Medium	Invalid
1260613	CVE-2013-2930	linux-lts-utopic (Ubuntu Precise)	Medium	Invalid
1260613	CVE-2013-2930	linux-lts-utopic (Ubuntu Trusty)	Medium	Invalid
1260613	CVE-2013-2930	linux-lts-utopic (Ubuntu Vivid)	Medium	Invalid
1260613	CVE-2013-2930	linux-manta (Ubuntu)	Medium	Invalid

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://git.kernel.org/...
CONFIRM: http://www.kernel.org/...
CONFIRM: https://github.com/tor...
UBUNTU: USN-2068-1
UBUNTU: USN-2070-1
UBUNTU: USN-2071-1
UBUNTU: USN-2072-1
UBUNTU: USN-2074-1
UBUNTU: USN-2075-1
UBUNTU: USN-2076-1
REDHAT: RHSA-2014:0100
UBUNTU: USN-2112-1