CVE-2024-2313

LOW

bpftrace - Privilege Escalation

Title source: llm

Description

If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

References (2)

[Patch] https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998

View Patch ZIP pw:eip

[Third Party Advisory] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313

Scores

CVSS v3 2.8

EPSS 0.0003

EPSS Percentile 7.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-377

Status published

Products (1)

bpftrace/bpftrace < 0.20.2

Published Mar 10, 2024

Tracked Since Feb 18, 2026