Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for bpftrace by bpftrace

    CVE-2024-2313 (GCVE-0-2024-2313)

    Vulnerability from nvd – Published: 2024-03-10 22:51 – Updated: 2025-03-13 21:15
    VLAI
    Summary
    If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-377 - Insecure Temporary File
    Assigner
    Impacted products
    Vendor Product Version
    bpftrace bpftrace Unaffected: 0 , < v0.20.2 (semver)
    Create a notification for this product.
    Credits
    Mark Esler Seth Arnold Brendan Gregg Jordan Rome
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2313",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-12T18:19:33.616251Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-377",
                    "description": "CWE-377 Insecure Temporary File",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T21:15:14.295Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:11:53.480Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998"
              },
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "packageName": "bpftrace",
              "platforms": [
                "Linux"
              ],
              "product": "bpftrace",
              "repo": "https://github.com/bpftrace/bpftrace",
              "vendor": "bpftrace",
              "versions": [
                {
                  "lessThan": "v0.20.2",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mark Esler"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Seth Arnold"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Brendan Gregg"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Jordan Rome"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-10T22:51:51.372Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2024-2313",
        "datePublished": "2024-03-10T22:51:51.372Z",
        "dateReserved": "2024-03-07T23:53:59.076Z",
        "dateUpdated": "2025-03-13T21:15:14.295Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2313 (GCVE-0-2024-2313)

    Vulnerability from cvelistv5 – Published: 2024-03-10 22:51 – Updated: 2025-03-13 21:15
    VLAI
    Summary
    If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-377 - Insecure Temporary File
    Assigner
    Impacted products
    Vendor Product Version
    bpftrace bpftrace Unaffected: 0 , < v0.20.2 (semver)
    Create a notification for this product.
    Credits
    Mark Esler Seth Arnold Brendan Gregg Jordan Rome
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2313",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-12T18:19:33.616251Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-377",
                    "description": "CWE-377 Insecure Temporary File",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-13T21:15:14.295Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:11:53.480Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998"
              },
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "packageName": "bpftrace",
              "platforms": [
                "Linux"
              ],
              "product": "bpftrace",
              "repo": "https://github.com/bpftrace/bpftrace",
              "vendor": "bpftrace",
              "versions": [
                {
                  "lessThan": "v0.20.2",
                  "status": "unaffected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mark Esler"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Seth Arnold"
            },
            {
              "lang": "en",
              "type": "remediation reviewer",
              "value": "Brendan Gregg"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Jordan Rome"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-10T22:51:51.372Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2024-2313",
        "datePublished": "2024-03-10T22:51:51.372Z",
        "dateReserved": "2024-03-07T23:53:59.076Z",
        "dateUpdated": "2025-03-13T21:15:14.295Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }