The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.
Information Disclosure
Linux
NVD
Exploit-DB
GitHub
VulDB
CVSS 3.1
8.4
EPSS
65.9%
Threat
6.7