CVE-2024-2313

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-2313
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-2313.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-2313
Related
Published
2024-03-10T23:15:53Z
Modified
2024-09-18T03:24:58.285546Z
Summary
[none]
Details

If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

References

Affected packages

Debian:11 / bpftrace

Package

Name
bpftrace
Purl
pkg:deb/debian/bpftrace?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.11.3-5
0.11.3-5+deb11u1
0.13.0-1
0.13.0-2
0.14.0-1
0.14.0-2
0.14.0-3
0.14.1-1
0.14.1-2
0.14.1-3
0.14.1-4
0.14.1-5
0.15.0-1
0.15.0-2
0.16.0-1
0.17.0-1
0.17.0-2
0.19.0-1
0.19.1-1
0.20.0-1
0.20.1-1
0.20.2-1
0.21.0-1
0.21.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / bpftrace

Package

Name
bpftrace
Purl
pkg:deb/debian/bpftrace?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.17.0-1
0.17.0-2
0.19.0-1
0.19.1-1
0.20.0-1
0.20.1-1
0.20.2-1
0.21.0-1
0.21.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / bpftrace

Package

Name
bpftrace
Purl
pkg:deb/debian/bpftrace?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.21.0-1

Affected versions

0.*

0.17.0-1
0.17.0-2
0.19.0-1
0.19.1-1
0.20.0-1
0.20.1-1
0.20.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/bpftrace/bpftrace

Affected ranges

Type
GIT
Repo
https://github.com/bpftrace/bpftrace
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.19.0
v0.20.0
v0.8
v0.9
v0.9.1
v0.9.2
v0.9.4