Search
Find a vulnerability
Search criteria
2 vulnerabilities found for BPF Compiler Collection by IOVisor
CVE-2024-2314 (GCVE-0-2024-2314)
Vulnerability from nvd – Published: 2024-03-10 22:54 – Updated: 2024-10-30 18:04
VLAI
EPSS
VEX
Summary
If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/iovisor/bcc/commit/008ea09e891… | patch |
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV… | issue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IOVisor | BPF Compiler Collection |
Affected:
0 , < 008ea09e891194c072f2a9305a3c872a241dc342
(commit-id)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T19:00:41.028958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T18:04:20.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "bcc",
"platforms": [
"Linux"
],
"product": "BPF Compiler Collection",
"repo": "https://github.com/iovisor/bcc",
"vendor": "IOVisor",
"versions": [
{
"lessThan": "008ea09e891194c072f2a9305a3c872a241dc342",
"status": "affected",
"version": "0",
"versionType": "commit-id"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mark Esler"
},
{
"lang": "en",
"type": "analyst",
"value": "Seth Arnold"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Brendan Gregg"
}
],
"descriptions": [
{
"lang": "en",
"value": "If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-03-10T22:54:31.563Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342"
},
{
"tags": [
"issue-tracking"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-2314",
"datePublished": "2024-03-10T22:54:31.563Z",
"dateReserved": "2024-03-07T23:54:22.362Z",
"dateUpdated": "2024-10-30T18:04:20.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2314 (GCVE-0-2024-2314)
Vulnerability from cvelistv5 – Published: 2024-03-10 22:54 – Updated: 2024-10-30 18:04
VLAI
EPSS
VEX
Summary
If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/iovisor/bcc/commit/008ea09e891… | patch |
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV… | issue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IOVisor | BPF Compiler Collection |
Affected:
0 , < 008ea09e891194c072f2a9305a3c872a241dc342
(commit-id)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T19:00:41.028958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T18:04:20.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "bcc",
"platforms": [
"Linux"
],
"product": "BPF Compiler Collection",
"repo": "https://github.com/iovisor/bcc",
"vendor": "IOVisor",
"versions": [
{
"lessThan": "008ea09e891194c072f2a9305a3c872a241dc342",
"status": "affected",
"version": "0",
"versionType": "commit-id"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mark Esler"
},
{
"lang": "en",
"type": "analyst",
"value": "Seth Arnold"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Brendan Gregg"
}
],
"descriptions": [
{
"lang": "en",
"value": "If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-03-10T22:54:31.563Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342"
},
{
"tags": [
"issue-tracking"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-2314",
"datePublished": "2024-03-10T22:54:31.563Z",
"dateReserved": "2024-03-07T23:54:22.362Z",
"dateUpdated": "2024-10-30T18:04:20.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}