What is CVE-2013-2094?

CVE-2013-2094 is a High severity Linux kernel vulnerability with a CVSS score of 8.4 out of 10. CVE-2013-2094 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild.

What is the CVSS score for CVE-2013-2094?

CVE-2013-2094 has a CVSS score of 8.4 out of 10, rated High severity. The vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Is there a patch available for CVE-2013-2094?

No patch is currently available for CVE-2013-2094. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2013-2094 actively exploited?

Yes — CVE-2013-2094 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild with a CVSS score of 8.4 (High severity).

CVE-2013-2094

High KEV — Actively Exploited

The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.

Package Linux Kernel

Published 2013-05-14

Last modified 2026-04-22

CVSS version 3.1

Patch available

Awaiting data

CVSS 3.1 score

8.4

out of 10

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Vector string

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness type

CWE-189

CVE-2013-2094 is classified as CWE-189

See CWE-189 on MITRE CWE for full details on this weakness type.

References

The following references provide additional information about CVE-2013-2094 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Lists
http://lists.centos.org/pipermail/centos-announce/2013-May/019729.html

Third Party Advisory VDB Entry
Lists
http://lists.centos.org/pipermail/centos-announce/2013-May/019733.html

Third Party Advisory VDB Entry
Lists
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00008.html

Third Party Advisory VDB Entry
Lists
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html

Third Party Advisory VDB Entry
Lists
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html

Third Party Advisory VDB Entry
Lists
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00009.html

Third Party Advisory VDB Entry
Lists
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00017.html

Third Party Advisory VDB Entry
Lkml
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03652.html

Third Party Advisory VDB Entry
Lkml
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/03976.html

Third Party Advisory VDB Entry
Lkml
http://lkml.indiana.edu/hypermail/linux/kernel/1304.1/04302.html

Third Party Advisory
News
http://news.ycombinator.com/item?id=5703758

Third Party Advisory
Packet Storm
http://packetstormsecurity.com/files/121616/semtex.c

Exploit Third Party Advisory VDB Entry
Red Hat
http://rhn.redhat.com/errata/RHSA-2013-0830.html

Third Party Advisory
Exploit-DB
http://www.exploit-db.com/exploits/33589

Third Party Advisory VDB Entry
Kernel.org
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9

Not Applicable
Mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176

Mailing List Third Party Advisory
Openwall
http://www.openwall.com/lists/oss-security/2013/05/14/6

Mailing List Third Party Advisory
Osvdb
http://www.osvdb.org/93361

Broken Link
Reddit
http://www.reddit.com/r/netsec/comments/1eb9iw

Third Party Advisory
Ubuntu Security
http://www.ubuntu.com/usn/USN-1825-1

Third Party Advisory
Ubuntu Security
http://www.ubuntu.com/usn/USN-1826-1

Third Party Advisory
Ubuntu Security
http://www.ubuntu.com/usn/USN-1827-1

Third Party Advisory
Ubuntu Security
http://www.ubuntu.com/usn/USN-1828-1

Third Party Advisory
Ubuntu Security
http://www.ubuntu.com/usn/USN-1836-1

Third Party Advisory
Ubuntu Security
http://www.ubuntu.com/usn/USN-1838-1

Third Party Advisory
Red Hat
https://bugzilla.redhat.com/show_bug.cgi?id=962792

Issue Tracking
CISA
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2094

US Government Resource
Kernel patch commit
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8176cced706b5e5d15887584150764894e94e02f
Patch
Kernel patch commit
http://twitter.com/djrbliss/statuses/334301992648331267
Patch
Kernel patch commit
https://github.com/torvalds/linux/commit/8176cced706b5e5d15887584150764894e94e02f
Patch

Details

CVE ID CVE-2013-2094

Severity High

CVSS score 8.4 / 10

CVSS version 3.1

Published 2013-05-14

Modified 2026-04-22

KEV Yes

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2013-2094?

CVE-2013-2094 is a High severity Linux kernel vulnerability with a CVSS score of 8.4 out of 10 . CVE-2013-2094 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild.
What is the CVSS score for CVE-2013-2094?

CVE-2013-2094 has a CVSS score of 8.4 out of 10, rated High severity (CVSS 3.1). The vector string is CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Is there a patch available for CVE-2013-2094?

No patch is currently available for CVE-2013-2094. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2013-2094 actively exploited?

Yes — CVE-2013-2094 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild. It carries a CVSS score of 8.4 (High severity).