exploitDog

CVE-2024-2314

Published: 10 Mar 2024
Source: redhat
CVSS3: 2.8
EPSS: Low

Description

If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

A flaw was found in the BCC toolset. When bcc needs to extract kernel headers, it tries to load them from a temporary directory. An attacker could place malicious headers in that temporary directory and force bcc to load compromised Linux headers, leading to potential security risks, unauthorized access, or system compromise.

Report

This flaw is triggered by handling malicious input and the overall impact is considered minimal.

Affected packages

| Platform | Package | Status | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 7 | bcc | Out of support scope | | |
| Red Hat Enterprise Linux 8 | bcc | Fixed | RHSA-2024:8831 | 05.11.2024 |
| Red Hat Enterprise Linux 9 | bcc | Fixed | RHSA-2024:9187 | 12.11.2024 |

Additional information

Status: Low
Defect: CWE-284
https://bugzilla.redhat.com/show_bug.cgi?id=2269019 bcc: unprivileged users can force loading of compromised linux headers

EPSS

Percentile: 7%
0.00029
Low

2.8 Low

CVSS3

Related vulnerabilities

CVSS3: 2.8
ubuntu
more than 1 year ago

If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

CVSS3: 2.8
nvd
more than 1 year ago

If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

CVSS3: 2.8
debian
more than 1 year ago

If kernel headers need to be extracted, bcc will attempt to load them ...

rocky
7 months ago

Low: bcc security update

CVSS3: 2.8
github
more than 1 year ago

If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
