Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for BPF Compiler Collection by IOVisor
CVE-2024-2314 (GCVE-0-2024-2314)
Vulnerability from cvelistv5 – Published: 2024-03-10 22:54 – Updated: 2024-10-30 18:04
VLAI
Summary
If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/iovisor/bcc/commit/008ea09e891… | patch |
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV… | issue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IOVisor | BPF Compiler Collection |
Affected:
0 , < 008ea09e891194c072f2a9305a3c872a241dc342
(commit-id)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T19:00:41.028958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T18:04:20.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "bcc",
"platforms": [
"Linux"
],
"product": "BPF Compiler Collection",
"repo": "https://github.com/iovisor/bcc",
"vendor": "IOVisor",
"versions": [
{
"lessThan": "008ea09e891194c072f2a9305a3c872a241dc342",
"status": "affected",
"version": "0",
"versionType": "commit-id"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mark Esler"
},
{
"lang": "en",
"type": "analyst",
"value": "Seth Arnold"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Brendan Gregg"
}
],
"descriptions": [
{
"lang": "en",
"value": "If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-03-10T22:54:31.563Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342"
},
{
"tags": [
"issue-tracking"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-2314",
"datePublished": "2024-03-10T22:54:31.563Z",
"dateReserved": "2024-03-07T23:54:22.362Z",
"dateUpdated": "2024-10-30T18:04:20.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2314 (GCVE-0-2024-2314)
Vulnerability from nvd – Published: 2024-03-10 22:54 – Updated: 2024-10-30 18:04
VLAI
Summary
If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/iovisor/bcc/commit/008ea09e891… | patch |
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV… | issue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IOVisor | BPF Compiler Collection |
Affected:
0 , < 008ea09e891194c072f2a9305a3c872a241dc342
(commit-id)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T19:00:41.028958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T18:04:20.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "bcc",
"platforms": [
"Linux"
],
"product": "BPF Compiler Collection",
"repo": "https://github.com/iovisor/bcc",
"vendor": "IOVisor",
"versions": [
{
"lessThan": "008ea09e891194c072f2a9305a3c872a241dc342",
"status": "affected",
"version": "0",
"versionType": "commit-id"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mark Esler"
},
{
"lang": "en",
"type": "analyst",
"value": "Seth Arnold"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Brendan Gregg"
}
],
"descriptions": [
{
"lang": "en",
"value": "If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-03-10T22:54:31.563Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342"
},
{
"tags": [
"issue-tracking"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-2314",
"datePublished": "2024-03-10T22:54:31.563Z",
"dateReserved": "2024-03-07T23:54:22.362Z",
"dateUpdated": "2024-10-30T18:04:20.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}