CVE-2024-2313

NameCVE-2024-2313
DescriptionIf kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1071748

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bpftrace (PTS)buster0.8+git60-gccac69c2239b-2fixed
bullseye0.11.3-5+deb11u1vulnerable
bookworm0.17.0-1vulnerable
sid, trixie0.21.2-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bpftracesourcebuster(not affected)
bpftracesource(unstable)0.21.0-1unimportant1071748

Notes

[buster] - bpftrace <not-affected> (Vulnerable code introduced later)
Introduced by: https://github.com/bpftrace/bpftrace/commit/896fafbe925385500c6626b19348739142944b88 (v0.9.3)
Fixed by: https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998 (v0.21.0)
Revised fix: https://github.com/bpftrace/bpftrace/commit/bc73244963f206814ae45ec78ebe52cd389f6381 (v0.21.0)
https://bugzilla.suse.com/show_bug.cgi?id=1221220#c2
Does not affect Debian kernels since CONFIG_IKHEADERS isn't set

Search for package or bug name: Reporting problems