CVE-2024-2313

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-2313
If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

2.8 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.1 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

References
Link Resource
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313
https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313
https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998
Configurations

No configuration.

History

13 Mar 2025, 22:15

Type Values Removed Values Added
CWE CWE-377

21 Nov 2024, 09:09

Type Values Removed Values Added
Summary
  • (es) Si es necesario extraer los encabezados del kernel, bpftrace intentará cargarlos desde un directorio temporal. Un atacante sin privilegios podría usar esto para obligar a bcc a cargar encabezados de Linux comprometidos. Las distribuciones de Linux que proporcionan encabezados de kernel de forma predeterminada no se ven afectadas de forma predeterminada.
References () https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313 - () https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313 -
References () https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998 - () https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998 -

11 Mar 2024, 01:32

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-10 23:15

Updated : 2025-03-13 22:15

NVD link : CVE-2024-2313

Mitre link : CVE-2024-2313

CVE.ORG link : CVE-2024-2313

JSON object : View

Products Affected

No product.

CWE
CWE-377

Insecure Temporary File