VIR Vulnerability Intelligence Relay

CVE-2013-4254

medium
Published 2013-08-25 · Modified 2026-04-29
CVSS v3
CVSS v2
6.9
VIR risk
6.9

Description

The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2013-4254

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://github.com/torvalds/linux/commit/c95eb3184ea1a3a2551df57190c81da695e2144b

OS impact
OSVersionStatusFixed in
linux linux-kernelaffected
linux linux-kernel3.10.0affected
linux linux-kernel3.10.1affected
linux linux-kernel3.10.2affected
linux linux-kernel3.10.3affected
linux linux-kernel3.10.4affected
linux linux-kernel3.10.5affected
linux linux-kernel3.10.6affected
debian debianbookwormfixed3.10.11-1
debian debianbullseyefixed3.10.11-1
debian debianforkyfixed3.10.11-1
debian debiansidfixed3.10.11-1
debian debiantrixiefixed3.10.11-1

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.