CVE-2024-2314
LOWiovisor/bpf_compiler_collection < 0.30.0 - Unauthenticated Arbitrary Kernel Header Loading via Temporary Directory
Title source: llmDescription
If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
References (2)
Core 2
Core References
Third Party Advisory issue-tracking
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314
Scores
CVSS v3
2.8
EPSS
0.0022
EPSS Percentile
12.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
Status
published
Products (1)
iovisor/bpf_compiler_collection
< 0.30.0
Published
Mar 10, 2024
Tracked Since
Feb 18, 2026