CVE-2024-2313

LOW

bpftrace < 0.20.2 - Insecure Temporary File Handling in Kernel Header Extraction

Title source: llm

Description

If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

References (2)

Core 2

Core References

Patch patch

https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998

View Patch ZIP pw:eip

Third Party Advisory issue-tracking

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313

Scores

CVSS v3 2.8

EPSS 0.0018

EPSS Percentile 8.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-377

Status published

Products (1)

bpftrace/bpftrace < 0.20.2

Published Mar 10, 2024

Tracked Since Feb 18, 2026