# [solved] Does CVE-2013-2094 apply to Gentoo?

## huuan

New privilege escalation on kernels 2.6.37 through 3.8.9

https://isc.sans.edu/diary/CVE-2013-2094+Linux+privilege+escalation/15803

They say on CentOS it is back-ported as far as 2.6.32.

How about on Gentoo?

Last edited by huuan on Thu May 16, 2013 5:38 am; edited 1 time in total

----------

## Hu

sys-kernel/gentoo-sources has no ebuilds in tree for kernels before 3.0, so there are no supported builds into which a backport could have introduced it.  However, it is very likely that all supported kernel series are affected, unless you configured out the affected code.

----------

## livibetter

My kernel config has CONFIG_PERF_EVENTS=y and the semtex.c (linked in the CVE page) shows me it is indeed vulnerable, I can gain root by running that compiled code on 3.7.10.

gentoo-sources has just stabilized 3.8.13, I am going to upgrade my kernel to it.

----------

## kurly

The applicable Gentoo bug is https://bugs.gentoo.org/show_bug.cgi?id=469854

Plenty of fixed versions are in Portage today (including 3.8.13 and 3.9.2).  All vulnerable versions except 3.7.10 have been removed, and even that last version will be removed as soon as other architectures are able to stabilize 3.8.13.

----------

## huuan

Thanks all. Most informative.

----------

## rburcham

*Quote:*

> My kernel config has CONFIG_PERF_EVENTS=y and the semtex.c (linked in the CVE page) shows me it is indeed vulnerable, I can gain root by running that compiled code on 3.7.10.
> 
> gentoo-sources has just stabilized 3.8.13, I am going to upgrade my kernel to it.

I'm running 3.7.8-gentoo, CONFIG_PERF_EVENTS=y, compiled the POC code with gcc -O2 and ran it... it immediately returns with "Killed"  

So, for some reason it didn't work?  I'm still updating my kernel right now anyway.

----------

## keet

It didn't work for me on my Gentoo computers that are running gentoo-sources 3.4.9 and 3.7.10, though kernel.perf_event_paranoid=2 on mine.  It did work on my Debian 7 installation, though.

----------

## Hu

According to commentary on LWN, the common exploit being passed around can be defeated with perf_event_paranoid=2.  However, the exploit can be modified to trigger the bug even when perf_event_paranoid=2, so setting that variable is not full protection.

----------
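Added example, not part of any post in this thread: a shell check that combines the three factors discussed above (the reported 2.6.37 through 3.8.9 range, `CONFIG_PERF_EVENTS`, and `kernel.perf_event_paranoid`) into one exposure verdict. The function names, verdict strings and config file locations are assumptions of this example, and the version comparison cannot see distribution backports in either direction.

```shell
#!/bin/sh
# Exposure check for CVE-2013-2094 built from the facts in this thread.

# "3.7.10-gentoo" -> 3007010, so versions compare as integers.
ver_num() {
    v=${1%%[!0-9.]*}                      # drop suffixes such as -gentoo
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# True when the version lies in the range the thread reports (2.6.37..3.8.9).
in_reported_range() {
    n=$(ver_num "$1")
    [ "$n" -ge 2006037 ] && [ "$n" -le 3008009 ]
}

# Print y, n or unknown for CONFIG_PERF_EVENTS (file locations are assumptions;
# /usr/src/linux/.config may not describe the running kernel).
perf_events_setting() {
    for f in /proc/config.gz "/boot/config-$(uname -r)" /usr/src/linux/.config; do
        [ -r "$f" ] || continue
        case $f in *.gz) reader="gzip -dc" ;; *) reader=cat ;; esac
        if $reader "$f" | grep -q '^CONFIG_PERF_EVENTS=y'; then echo y; else echo n; fi
        return 0
    done
    echo unknown
}

# assess VERSION PERF_EVENTS PARANOID -> one verdict string.
assess() {
    if ! in_reported_range "$1"; then
        echo "outside-reported-range"         # backported kernels need the vendor advisory
    elif [ "$2" = "n" ]; then
        echo "perf-events-compiled-out"
    elif [ "$3" = "2" ]; then
        echo "exposed-paranoid-2-is-partial"  # stops the common PoC only; upgrade anyway
    else
        echo "exposed"
    fi
}

# Report for the running system.
kver=$(uname -r)
cfg=$(perf_events_setting)
paranoid=$(cat /proc/sys/kernel/perf_event_paranoid 2>/dev/null || echo unknown)
echo "kernel=$kver perf_events=$cfg paranoid=$paranoid verdict=$(assess "$kver" "$cfg" "$paranoid")"
```

A verdict of `exposed-paranoid-2-is-partial` matches the reports above where the circulated proof of concept was killed on an unpatched kernel; the remedy in every exposed case is still the fixed kernel.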

