CVE-2024-2313

EUVD-2024-27268
If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised Linux headers. Linux distributions which provide kernel headers by default are not affected by default.
CVSS 3.x Base Score

Provider    Type      Base Score   Atk. Vector   Atk. Complexity   Priv. Required   Vector
NIST        Primary   2.8 LOW      LOCAL         HIGH              LOW              CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L
canonical   CNA       2.8 LOW      LOCAL         HIGH              LOW              CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L

EPSS Score: Percentile 4%
Affected Products (NVD)

Vendor     Product    Version
bpftrace   bpftrace   < 0.20.2 (vulnerable software versions)
Debian Releases (product: bpftrace)

Codename   Version      Status
bookworm   -            unimportant
bullseye   -            unimportant
buster     -            not-affected
forky      0.24.1-1.1   fixed
sid        0.24.1-1.1   fixed
trixie     0.23.2-1     fixed
Ubuntu Releases (product: bpftrace)

Codename   Status
bionic     dne
focal      not-affected
jammy      not-affected
mantic     not-affected
noble      not-affected
trusty     dne
xenial     dne