
New 0-day vulnerability in Linux 2.6.37 – 3.8.8

A few days ago a ready-made exploit was published that escalates privileges on Linux 2.6.37 – 3.8.8. Anyone can compile the code shown at the link and run it on their own system to check whether it works. If it does not work, that is no reason to relax: it may just need a better-quality exploit.

For a detailed explanation of the vulnerability, see here.


The exploit works on kernels 2.6.37 – 3.8.8 compiled with PERF_EVENTS (the default option in most modern distributions).

It is fixed in Linux kernel version 3.8.9; see the patch. Perhaps the exploit was available to someone earlier and was already used, but now the code has been published openly. The vulnerability is still present in many popular Linux distributions, including Ubuntu and Debian Wheezy.

The vulnerability has been assigned the number CVE-2013-2094.

Information in the Debian tracker

Information in the Ubuntu tracker
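
The two conditions above (upstream version between 2.6.37 and 3.8.8, kernel built with PERF_EVENTS) can be checked on a host with a short script. This is an added example, not code from the original post; the function names are hypothetical and the config file locations (`/boot/config-<release>`, `/proc/config.gz`) are assumptions that hold on many but not all distributions.

```shell
#!/bin/sh
# Added example: triage a kernel for CVE-2013-2094 exposure (not from the post).

# "3.8.0-19-generic" -> 3008000 (major*1000000 + minor*1000 + patch)
kver_num() {
    v=${1%%[!0-9.]*}                  # drop distro suffix such as -19-generic
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# True when the upstream version lies in the range the post gives: 2.6.37 to 3.8.8.
in_upstream_range() {
    n=$(kver_num "$1")
    [ "$n" -ge 2006037 ] && [ "$n" -le 3008008 ]
}

# True when the kernel config (plain or gzip) has CONFIG_PERF_EVENTS=y.
perf_events_enabled() {
    case $1 in
        *.gz) zcat "$1" ;;
        *)    cat "$1" ;;
    esac 2>/dev/null | grep -q '^CONFIG_PERF_EVENTS=y$'
}

# triage <kernel-release> <config-file>: prints one verdict word.
triage() {
    if ! in_upstream_range "$1"; then echo "outside-upstream-range"
    elif [ ! -r "$2" ]; then echo "in-range-config-unknown"
    elif perf_events_enabled "$2"; then echo "in-range-perf-events-on"
    else echo "in-range-perf-events-off"
    fi
}

# Local machine; config locations are assumptions (common, not universal).
rel=$(uname -r)
cfg=/boot/config-$rel
[ -r "$cfg" ] || cfg=/proc/config.gz
echo "$rel: $(triage "$rel" "$cfg")"
```

An in-range result on a distribution kernel is not conclusive: vendors backport fixes without changing the upstream version string, so confirm the package version against the Debian or Ubuntu tracker entry.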
