CVE-2013-0268

Linux Kernel < 3.7.6 - Local Privilege Escalation via MSR Device Access

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-0268. PoCs published by spender.

AI-analyzed exploit summary This exploit leverages the /dev/cpu/*/msr interface to overwrite the SYSENTER_EIP_MSR register, allowing arbitrary kernel code execution in ring0. It requires root privileges and CONFIG_X86_MSR to be enabled.

Description

The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.

Exploits (1)

exploitdb WORKING POC
by spender · clocallinux
https://www.exploit-db.com/exploits/27297

This exploit leverages the /dev/cpu/*/msr interface to overwrite the SYSENTER_EIP_MSR register, allowing arbitrary kernel code execution in ring0. It requires root privileges and CONFIG_X86_MSR to be enabled.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Racy
Target: Linux kernel (versions with CONFIG_X86_MSR enabled)
Auth required
Prerequisites: Root access · CONFIG_X86_MSR enabled · 32-bit userland on 64-bit host
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=908693
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/02/07/12

Scores

EPSS 0.0290
EPSS Percentile 86.7%

Details

CWE
CWE-264
Status published
Products (44)
linux/linux_kernel 3.0 rc1 (7 CPE variants)
linux/linux_kernel 3.0.1
linux/linux_kernel 3.0.2
linux/linux_kernel 3.0.3
linux/linux_kernel 3.0.4
linux/linux_kernel 3.0.5
linux/linux_kernel 3.0.6
linux/linux_kernel 3.0.7
linux/linux_kernel 3.0.8
linux/linux_kernel 3.0.9
... and 34 more
Published Feb 18, 2013
Tracked Since Feb 18, 2026