CVE-2024-2314 | THREATINT

Description

If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

Reserved 2024-03-07 | Published 2024-03-10 | Updated 2024-10-30 | Assigner canonical

LOW: 2.8CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L

Product status

Any version before 008ea09e891194c072f2a9305a3c872a241dc342

affected

Credits

Mark Esler finder

Seth Arnold analyst

Brendan Gregg remediation developer

References

github.com/...ommit/008ea09e891194c072f2a9305a3c872a241dc342 patch

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314 issue-tracking

cve.org (CVE-2024-2314)

nvd.nist.gov (CVE-2024-2314)

Download JSON