Bugzilla – Bug 1221220
VUL-0: CVE-2024-2313: bpftrace: unprivileged attacker could force bcc to load compromised linux headers
Last modified: 2024-05-22 07:37:43 UTC
If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-2313
https://www.cve.org/CVERecord?id=CVE-2024-2313
https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998
(In reply to SMASH SMASH from comment #0)
> ... Linux distributions which provide
> kernel headers by default are not affected by default.

Sounds like we're not affected, but I'll look into this in more detail.
Similar to what bcc does in bug 1221229, bpftrace only unpacks kernel headers if the kernel is built with CONFIG_IKHEADERS [1,2], hence this vulnerability does not apply to us. Reassigning back to the security team.

1: https://github.com/bpftrace/bpftrace/commit/896fafbe9253
2: https://github.com/bpftrace/bpftrace/blob/4be4b71/src/utils.cpp#L824-L832
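An added exposure check that follows the reasoning in the comment above (this is example code, not bpftrace's own code and not part of the bug thread): a host is only on the unpack-to-temporary-directory path when no header tree is installed for the running kernel and the kernel was built with CONFIG_IKHEADERS. The unpack directory checked by tmpdir_preseeded and the /boot/config-$(uname -r) location are assumptions; take the real path from the bpftrace build you are auditing.

```shell
#!/bin/sh
# Exposure check for CVE-2024-2313 (added example, not bpftrace code).
# bpftrace only falls back to unpacking kernel headers when (a) no header
# tree is installed for the running kernel and (b) the kernel exposes
# built-in headers via CONFIG_IKHEADERS. Everything else is "not affected".

# 0 if a header tree is installed: $1 = modules root (/lib/modules), $2 = release
have_installed_headers() {
  [ -e "$1/$2/build/include/linux/kernel.h" ]
}

# 0 if the kernel exposes built-in headers (CONFIG_IKHEADERS=y or =m).
# $1 = sysfs archive (normally /sys/kernel/kheaders.tar.xz), $2 = plain-text
# kernel config such as /boot/config-$(uname -r); either may be absent.
have_ikheaders() {
  [ -e "$1" ] && return 0
  [ -r "$2" ] && grep -q '^CONFIG_IKHEADERS=[ym]' "$2"
}

# Prints one of: not-affected-headers | not-affected-no-ikheaders | exposed
# $1 = modules root, $2 = release, $3 = sysfs archive, $4 = kernel config
classify_exposure() {
  if have_installed_headers "$1" "$2"; then
    echo not-affected-headers
  elif have_ikheaders "$3" "$4"; then
    echo exposed
  else
    echo not-affected-no-ikheaders
  fi
}

# 0 if the unpack directory $1 already exists and is either not owned by $2
# (the user bpftrace runs as, normally root) or is world-writable, i.e. a
# local user could already have planted header files in it. The directory
# path itself is an assumption supplied by the caller.
tmpdir_preseeded() {
  [ -d "$1" ] || return 1
  [ -n "$(find "$1" -maxdepth 0 \( ! -user "$2" -o -perm -002 \) 2>/dev/null)" ]
}

# Stand-alone run against the live system; the config path is an assumption.
rel=$(uname -r)
classify_exposure /lib/modules "$rel" /sys/kernel/kheaders.tar.xz "/boot/config-$rel"
```

On an affected host the result is "exposed"; on distributions that ship kernel headers, as the comment notes, it stays at "not-affected-headers".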
fixed upstream, we are not affected
FWIW the previous fix was not enough and there's a new one: https://github.com/bpftrace/bpftrace/pull/3190/commits/e0919e500ecb8ec181d879efd6b600004d6cf2a9

Again, we're not affected, so I'm updating the Factory/Tumbleweed version of bpftrace purely to align with the latest upstream version rather than for the security fix.