CVE-2024-2314

EUVD-2024-27269
If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised Linux headers. Linux distributions that provide kernel headers by default are not affected in their default configuration.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 2.8 LOW | LOCAL | HIGH | LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L |
| canonical | CNA | 2.8 LOW | LOCAL | HIGH | LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L |

EPSS Score percentile: 12%

Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| iovisor | bpf_compiler_collection | 𝑥 < 0.30.0 |

𝑥 = Vulnerable software versions

Debian Releases
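
| Debian Product | Codename | Version | Status |
|---|---|---|---|
| bpfcc | bookworm | | unimportant |
| bpfcc | bullseye | | unimportant |
| bpfcc | buster | | not-affected |
| bpfcc | forky | 0.35.0+ds-1 | fixed |
| bpfcc | sid | 0.35.0+ds-1 | fixed |
| bpfcc | trixie | 0.31.0+ds-7 | fixed |
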
Ubuntu Releases
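
| Ubuntu Product | Codename | Status |
|---|---|---|
| bpfcc | bionic | not-affected |
| bpfcc | focal | not-affected |
| bpfcc | jammy | not-affected |
| bpfcc | mantic | not-affected |
| bpfcc | noble | not-affected |
| bpfcc | trusty | dne |
| bpfcc | xenial | dne |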