CVE-2024-2314

Published: 7 March 2024

If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised Linux headers. Linux distributions which provide kernel headers by default are not affected by default.

Priority

Medium

CVSS 3 Severity Score

2.8

Status

Package: bpfcc (Launchpad, Ubuntu, Debian)

Release: Status
bionic: Not vulnerable (kernel headers are provided by system)
focal: Not vulnerable (kernel headers are provided by system)
jammy: Not vulnerable (kernel headers are provided by system)
mantic: Not vulnerable (kernel headers are provided by system)
trusty: Does not exist
upstream: Released
xenial: Does not exist

Patches:
upstream: https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342

Severity score breakdown

Parameter: Value
Base score: 2.8
Attack vector: Local
Attack complexity: High
Privileges required: Low
User interaction: None
Scope: Changed
Confidentiality: None
Integrity impact: None
Availability impact: Low
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L