Search
Find a vulnerability
Search criteria
2 vulnerabilities found for bpftrace by bpftrace
CVE-2024-2313 (GCVE-0-2024-2313)
Vulnerability from nvd – Published: 2024-03-10 22:51 – Updated: 2025-03-13 21:15
VLAI
EPSS
VEX
Summary
If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-377 - Insecure Temporary File
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/bpftrace/bpftrace/commit/4be4b… | patch |
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV… | issue-tracking |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T18:19:33.616251Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-377",
"description": "CWE-377 Insecure Temporary File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T21:15:14.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "bpftrace",
"platforms": [
"Linux"
],
"product": "bpftrace",
"repo": "https://github.com/bpftrace/bpftrace",
"vendor": "bpftrace",
"versions": [
{
"lessThan": "v0.20.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mark Esler"
},
{
"lang": "en",
"type": "analyst",
"value": "Seth Arnold"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Brendan Gregg"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Jordan Rome"
}
],
"descriptions": [
{
"lang": "en",
"value": "If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-03-10T22:51:51.372Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998"
},
{
"tags": [
"issue-tracking"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-2313",
"datePublished": "2024-03-10T22:51:51.372Z",
"dateReserved": "2024-03-07T23:53:59.076Z",
"dateUpdated": "2025-03-13T21:15:14.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2313 (GCVE-0-2024-2313)
Vulnerability from cvelistv5 – Published: 2024-03-10 22:51 – Updated: 2025-03-13 21:15
VLAI
EPSS
VEX
Summary
If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-377 - Insecure Temporary File
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/bpftrace/bpftrace/commit/4be4b… | patch |
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV… | issue-tracking |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T18:19:33.616251Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-377",
"description": "CWE-377 Insecure Temporary File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T21:15:14.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.480Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "bpftrace",
"platforms": [
"Linux"
],
"product": "bpftrace",
"repo": "https://github.com/bpftrace/bpftrace",
"vendor": "bpftrace",
"versions": [
{
"lessThan": "v0.20.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mark Esler"
},
{
"lang": "en",
"type": "analyst",
"value": "Seth Arnold"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Brendan Gregg"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Jordan Rome"
}
],
"descriptions": [
{
"lang": "en",
"value": "If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-03-10T22:51:51.372Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998"
},
{
"tags": [
"issue-tracking"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-2313",
"datePublished": "2024-03-10T22:51:51.372Z",
"dateReserved": "2024-03-07T23:53:59.076Z",
"dateUpdated": "2025-03-13T21:15:14.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}