Lucene search

GoogleOSV:CVE-2024-2314

HistoryMar 10, 2024 - 11:15 p.m.

CVE-2024-2314

2024-03-1023:15:53

Google

osv.dev

cve-2024-2314

kernel headers

bcc

linux distributions

unprivileged attacker

compromised headers

software

2.8 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

CPENameOperatorVersion
bcceq0.2.0
bcceq0.8.0
bcceq0.29.1
bcceq0.1.5
bcceq0.12.0
bcceq0.20.0
bcceq0.22.0
bcceq0.11.0
bcceq0.1.4
bcceq0.9.0

Name	Operator	Version
bcc	eq	0.2.0
bcc	eq	0.8.0
bcc	eq	0.29.1
bcc	eq	0.1.5
bcc	eq	0.12.0
bcc	eq	0.20.0
bcc	eq	0.22.0
bcc	eq	0.11.0
bcc	eq	0.1.4
bcc	eq	0.9.0

Rows per page:

1-10 of 391

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314

github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342

2.8 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for OSV:CVE-2024-2314