2269014 – (CVE-2024-2313) CVE-2024-2313 bpftrace: unprivileged users can force loading of compromised linux headers

Bug 2269014 (CVE-2024-2313) - CVE-2024-2313 bpftrace: unprivileged users can force loading of compromised linux headers

Summary: CVE-2024-2313 bpftrace: unprivileged users can force loading of compromised l...

Keywords:
Status:	NEW
Alias:	CVE-2024-2313
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2269015
Blocks:	2269018
TreeView+	depends on / blocked

Reported:	2024-03-11 14:15 UTC by TEJ RATHI
Modified:	2024-04-12 23:39 UTC (History)
CC List:	0 users
Fixed In Version:	bpftrace 0.20.2
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in BPFtrace. This issue occurs when extracting kernel headers, it tries to load them from a temporary directory. This issue could allow an attacker to force bpftrace to load compromised Linux headers by placing malicious headers in the temporary directory, leading to potential security risks, unauthorized access, or system compromise.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description TEJ RATHI 2024-03-11 14:15:51 UTC

If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313
https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998

Comment 1 TEJ RATHI 2024-03-11 14:17:31 UTC

Created bpftrace tracking bugs for this issue:

Affects: fedora-all [bug 2269015]

Note You need to log in before you can comment on or make changes to this bug.