2269019 – (CVE-2024-2314) CVE-2024-2314 bcc: unprivileged users can force loading of compromised linux headers

Bug 2269019 (CVE-2024-2314) - CVE-2024-2314 bcc: unprivileged users can force loading of compromised linux headers

Summary: CVE-2024-2314 bcc: unprivileged users can force loading of compromised linux ...

Keywords:
Status:	NEW
Alias:	CVE-2024-2314
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2269020
Blocks:	2269018
TreeView+	depends on / blocked

Reported:	2024-03-11 14:35 UTC by TEJ RATHI
Modified:	2024-04-12 23:39 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	---
Doc Text:	A flaw was found in the BCC toolset. This issue occurs when extracting kernel headers, it tries to load them from a temporary directory. This issue could allow an attacker to force bcc to load compromised Linux headers by placing malicious headers in the temporary directory, leading to potential security risks, unauthorized access, or system compromise.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description TEJ RATHI 2024-03-11 14:35:31 UTC

If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314
https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342

Comment 1 TEJ RATHI 2024-03-11 14:35:51 UTC

Created bcc tracking bugs for this issue:

Affects: fedora-all [bug 2269020]

Note You need to log in before you can comment on or make changes to this bug.