CVE-2024-2313

If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

CVSS v3 2.8 LOW

2.8^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.1 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313
https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313
https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998

Configurations

No configuration.

History

13 Mar 2025, 22:15

Type	Values Removed	Values Added
CWE		CWE-377

Information

Published : 2024-03-10 23:15

Updated : 2025-03-13 22:15

NVD link : CVE-2024-2313

Mitre link : CVE-2024-2313

CVE.ORG link : CVE-2024-2313

JSON object : View

Products Affected

No product.

CWE

CWE-377

Insecure Temporary File

2.8 /10