CVE-2024-2313

If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised Linux headers. Linux distributions which provide kernel headers by default are not affected by default.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 2.8 LOW | LOCAL | HIGH | LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L |
| canonical | CNA | 2.8 LOW | LOCAL | HIGH | LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L |
| CISA-ADP | ADP | --- | | | | --- |
| CVE | ADP | --- | | | | --- |

Awaiting analysis
This vulnerability is currently awaiting analysis.

EPSS Score: Percentile: 2%
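
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| bpftrace | bullseye | | unimportant |
| bpftrace | buster | | not-affected |
| bpftrace | bookworm | | unimportant |
| bpftrace | sid | 0.23.2-1 | fixed |
| bpftrace | trixie | 0.23.2-1 | fixed |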
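
Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| bpftrace | noble | not-affected |
| bpftrace | mantic | not-affected |
| bpftrace | jammy | not-affected |
| bpftrace | focal | not-affected |
| bpftrace | bionic | dne |
| bpftrace | xenial | dne |
| bpftrace | trusty | dne |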