Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for bpf_compiler_collection by iovisor

    CVE-2024-2314 (GCVE-0-2024-2314)

    Vulnerability from nvd – Published: 2024-03-10 22:54 – Updated: 2024-10-30 18:04
    VLAI
    Summary
    If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    IOVisor BPF Compiler Collection Affected: 0 , < 008ea09e891194c072f2a9305a3c872a241dc342 (commit-id)
    Create a notification for this product.
    Credits
    Mark Esler Seth Arnold Brendan Gregg
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:11:53.466Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342"
              },
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2314",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-22T19:00:41.028958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-30T18:04:20.999Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "packageName": "bcc",
              "platforms": [
                "Linux"
              ],
              "product": "BPF Compiler Collection",
              "repo": "https://github.com/iovisor/bcc",
              "vendor": "IOVisor",
              "versions": [
                {
                  "lessThan": "008ea09e891194c072f2a9305a3c872a241dc342",
                  "status": "affected",
                  "version": "0",
                  "versionType": "commit-id"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mark Esler"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Seth Arnold"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Brendan Gregg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-10T22:54:31.563Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2024-2314",
        "datePublished": "2024-03-10T22:54:31.563Z",
        "dateReserved": "2024-03-07T23:54:22.362Z",
        "dateUpdated": "2024-10-30T18:04:20.999Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2314 (GCVE-0-2024-2314)

    Vulnerability from cvelistv5 – Published: 2024-03-10 22:54 – Updated: 2024-10-30 18:04
    VLAI
    Summary
    If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    IOVisor BPF Compiler Collection Affected: 0 , < 008ea09e891194c072f2a9305a3c872a241dc342 (commit-id)
    Create a notification for this product.
    Credits
    Mark Esler Seth Arnold Brendan Gregg
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:11:53.466Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342"
              },
              {
                "tags": [
                  "issue-tracking",
                  "x_transferred"
                ],
                "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2314",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-22T19:00:41.028958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-30T18:04:20.999Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "packageName": "bcc",
              "platforms": [
                "Linux"
              ],
              "product": "BPF Compiler Collection",
              "repo": "https://github.com/iovisor/bcc",
              "vendor": "IOVisor",
              "versions": [
                {
                  "lessThan": "008ea09e891194c072f2a9305a3c872a241dc342",
                  "status": "affected",
                  "version": "0",
                  "versionType": "commit-id"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Mark Esler"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Seth Arnold"
            },
            {
              "lang": "en",
              "type": "remediation developer",
              "value": "Brendan Gregg"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-10T22:54:31.563Z",
            "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
            "shortName": "canonical"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
        "assignerShortName": "canonical",
        "cveId": "CVE-2024-2314",
        "datePublished": "2024-03-10T22:54:31.563Z",
        "dateReserved": "2024-03-07T23:54:22.362Z",
        "dateUpdated": "2024-10-30T18:04:20.999Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }