Search criteria
3 vulnerabilities found for bpf_compiler_collection by iovisor
FKIE_CVE-2024-2314
Vulnerability from fkie_nvd - Published: 2024-03-10 23:15 - Updated: 2025-08-26 17:18
Severity ?
2.8 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L
2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
2.5 (Low) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| iovisor | bpf_compiler_collection | * | |
| linux | linux_kernel | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:iovisor:bpf_compiler_collection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8061F8F-A34B-4F67-A745-C398752DA483",
"versionEndExcluding": "0.30.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default."
},
{
"lang": "es",
"value": "Si es necesario extraer los encabezados del kernel, bcc intentar\u00e1 cargarlos desde un directorio temporal. Un atacante sin privilegios podr\u00eda usar esto para obligar a bcc a cargar encabezados de Linux comprometidos. Las distribuciones de Linux que proporcionan encabezados de kernel de forma predeterminada no se ven afectadas de forma predeterminada."
}
],
"id": "CVE-2024-2314",
"lastModified": "2025-08-26T17:18:49.480",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 1.4,
"source": "security@ubuntu.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-10T23:15:53.967",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314"
},
{
"source": "security@ubuntu.com",
"tags": [
"Patch"
],
"url": "https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-2314 (GCVE-0-2024-2314)
Vulnerability from cvelistv5 – Published: 2024-03-10 22:54 – Updated: 2024-10-30 18:04
VLAI?
Summary
If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
Severity ?
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IOVisor | BPF Compiler Collection |
Affected:
0 , < 008ea09e891194c072f2a9305a3c872a241dc342
(commit-id)
|
Credits
Mark Esler
Seth Arnold
Brendan Gregg
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T19:00:41.028958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T18:04:20.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "bcc",
"platforms": [
"Linux"
],
"product": "BPF Compiler Collection",
"repo": "https://github.com/iovisor/bcc",
"vendor": "IOVisor",
"versions": [
{
"lessThan": "008ea09e891194c072f2a9305a3c872a241dc342",
"status": "affected",
"version": "0",
"versionType": "commit-id"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mark Esler"
},
{
"lang": "en",
"type": "analyst",
"value": "Seth Arnold"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Brendan Gregg"
}
],
"descriptions": [
{
"lang": "en",
"value": "If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-03-10T22:54:31.563Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342"
},
{
"tags": [
"issue-tracking"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-2314",
"datePublished": "2024-03-10T22:54:31.563Z",
"dateReserved": "2024-03-07T23:54:22.362Z",
"dateUpdated": "2024-10-30T18:04:20.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2314 (GCVE-0-2024-2314)
Vulnerability from nvd – Published: 2024-03-10 22:54 – Updated: 2024-10-30 18:04
VLAI?
Summary
If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
Severity ?
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IOVisor | BPF Compiler Collection |
Affected:
0 , < 008ea09e891194c072f2a9305a3c872a241dc342
(commit-id)
|
Credits
Mark Esler
Seth Arnold
Brendan Gregg
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T19:00:41.028958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T18:04:20.999Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "bcc",
"platforms": [
"Linux"
],
"product": "BPF Compiler Collection",
"repo": "https://github.com/iovisor/bcc",
"vendor": "IOVisor",
"versions": [
{
"lessThan": "008ea09e891194c072f2a9305a3c872a241dc342",
"status": "affected",
"version": "0",
"versionType": "commit-id"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mark Esler"
},
{
"lang": "en",
"type": "analyst",
"value": "Seth Arnold"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Brendan Gregg"
}
],
"descriptions": [
{
"lang": "en",
"value": "If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-03-10T22:54:31.563Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342"
},
{
"tags": [
"issue-tracking"
],
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-2314",
"datePublished": "2024-03-10T22:54:31.563Z",
"dateReserved": "2024-03-07T23:54:22.362Z",
"dateUpdated": "2024-10-30T18:04:20.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}