A vulnerability was discovered using fuzzing in linux kernels 2.6.37 till 3.8.9. The vulenrability requires the kernel to be compiled with PERF_EVENTS, but unfortunately that seems the case for quite some linux distributions. CentOS even backported the vulnerability to 2.6.32.

Impact is local privilege escalation, and exploit code is readily available.

More information: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2094

Hat tip: James for sending us some pointers to this.

--
Swa Frantzen -- Section 66