CVE-2024-2313: If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to...

2.8 CVSS

Description

If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised Linux headers. Linux distributions which provide kernel headers by default are not affected by default.

Classification

CVE ID: CVE-2024-2313

CVSS Base Severity: LOW

CVSS Base Score: 2.8

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L

Affected Products

Vendor: bpftrace

Product: bpftrace

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.08% (probability of being exploited)

EPSS Percentile: 20.05% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-11 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-2313
https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313

Timeline