CVE-2024-2314

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-2314
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-2314.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-2314
Published
2024-03-10T23:15:53Z
Modified
2024-09-18T03:24:58.329449Z
Summary
[none]
Details

If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

References

Affected packages

Debian:11 / bpfcc

Package

Name
bpfcc
Purl
pkg:deb/debian/bpfcc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.18.0+ds-2
0.21.0+ds-1
0.21.0+ds-2
0.21.0+ds-3
0.21.0+ds-4
0.21.0+ds-5
0.21.0+ds-6
0.21.0+ds-7
0.22.0+ds-1
0.22.0+ds-2~bpo11+1
0.22.0+ds-2
0.23.0+ds-1
0.24.0+ds-1~bpo11+1
0.24.0+ds-1
0.25.0+ds-1
0.25.0+ds-2
0.26.0+ds-1
0.26.0+ds-1+riscv64
0.26.0+ds-2~experimental1
0.26.0+ds-2~experimental2
0.28.0+ds-1
0.29.1+ds-1
0.29.1+ds-1.1
0.29.1+ds-1.1+loong64
0.29.1+ds-1.2
0.30.0+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / bpfcc

Package

Name
bpfcc
Purl
pkg:deb/debian/bpfcc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.26.0+ds-1
0.26.0+ds-1+riscv64
0.26.0+ds-2~experimental1
0.26.0+ds-2~experimental2
0.28.0+ds-1
0.29.1+ds-1
0.29.1+ds-1.1
0.29.1+ds-1.1+loong64
0.29.1+ds-1.2
0.30.0+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / bpfcc

Package

Name
bpfcc
Purl
pkg:deb/debian/bpfcc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.26.0+ds-1
0.26.0+ds-1+riscv64
0.26.0+ds-2~experimental1
0.26.0+ds-2~experimental2
0.28.0+ds-1
0.29.1+ds-1
0.29.1+ds-1.1
0.29.1+ds-1.1+loong64
0.29.1+ds-1.2
0.30.0+ds-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/iovisor/bcc

Affected ranges

Type
GIT
Repo
https://github.com/iovisor/bcc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.29.0

v0.*

v0.1
v0.1.1
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.19.0
v0.2.0
v0.20.0
v0.21.0
v0.22.0
v0.23.0
v0.24.0
v0.25.0
v0.26.0
v0.27.0
v0.28.0
v0.29.0
v0.29.1
v0.3.0
v0.4.0
v0.5.0
v0.6.0
v0.6.1
v0.7.0
v0.8.0
v0.9.0