PT-2024-19679 · Bpftrace+5 · Bpftrace+5

Brendan Gregg

Published

2024-03-10

Updated

2025-03-17

CVE-2024-2313

CVSS v3.1

2.8

Low

Vector

AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions bpftrace (affected versions not specified)

Description The issue allows an unprivileged attacker to force bcc to load compromised Linux headers if kernel headers need to be extracted and are not provided by default. This can occur because bpftrace attempts to load the headers from a temporary directory. Linux distributions that provide kernel headers by default are not affected.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-377

Related Identifiers

ALSA-2024:8830

ALSA-2024:9188

AZL-35836

AZL-35874

CESA-2024_8830

CVE-2024-2313

INFSA-2024_8830

INFSA-2024_9188

OPENSUSE-SU-2024:13986-1

RHSA-2024:8830

RHSA-2024:9188

RHSA-2024_8830

RHSA-2024_9188

RLSA-2024:8830

RLSA-2024:9188

Affected Products

Almalinux

Centos

Debian

Red Hat

Rocky Linux

Bpftrace

PT-2024-19679 · Bpftrace+5 · Bpftrace+5

CVE-2024-2313

Weakness Enumeration

Related Identifiers

Affected Products

References · 25