CVE-2024-2314

NameCVE-2024-2314
DescriptionIf kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1071747

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bpfcc (PTS)bullseye0.18.0+ds-2vulnerable
bookworm0.26.0+ds-1vulnerable
sid, trixie0.31.0+ds-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bpfccsourcebuster(not affected)
bpfccsource(unstable)0.31.0+ds-2unimportant1071747

Notes

[buster] - bpfcc <not-affected> (Vulnerable code introduced later)
Fixed by: https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342 (v0.30.0)
Introduced by: https://github.com/iovisor/bcc/commit/ae92f3ddb6aa5b81c750abf3540b99f24d219e67 (v0.10.0)
Attempt to mitigate in https://bugs.debian.org/1028479 (applied in 0.25.0+ds-2), and
resulting in the additional problem in https://bugs.debian.org/1068297
https://bugzilla.suse.com/show_bug.cgi?id=1221229#c1
Does not affect Debian kernels since CONFIG_IKHEADERS isn't set

Search for package or bug name: Reporting problems