CVE-2024-2313
Publication date 6 March 2024
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
Status
Package | Ubuntu Release | Status |
---|---|---|
bpftrace | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic | Not in release | |
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 2.8 · Low |
Attack vector | Local |
Attack complexity | High |
Privileges required | Low |
User interaction | None |
Scope | Changed |
Confidentiality | None |
Integrity impact | None |
Availability impact | Low |
Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L |