Vulnerability Description
If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised Linux headers. Linux distributions that provide kernel headers by default are not affected by default.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Iovisor | Bpf Compiler Collection | < 0.30.0 |
| Linux | Linux Kernel | - |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314 (Third Party Advisory)
- https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342 (Patch)
FAQ
What is CVE-2024-2314?
CVE-2024-2314 is a vulnerability with a CVSS score of 2.8 (LOW). If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised Linux headers. Linux distribu...
How severe is CVE-2024-2314?
CVE-2024-2314 has been rated LOW with a CVSS base score of 2.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-2314?
Check the references section above for vendor advisories and patch information. Affected products include: Iovisor Bpf Compiler Collection, Linux Linux Kernel.