CVE-2024-2314
2.8
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L
Summary
If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IOVisor | BPF Compiler Collection | 0 < 008ea09e891194c072f2a9305a3c872a241dc342 | affected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.