vulnerability
Oracle Linux: CVE-2024-2314: ELSA-2024-8831: bcc security update (LOW) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 1 | (AV:L/AC:H/Au:S/C:N/I:N/A:P) | 2024-03-10 | 2024-11-11 | 2024-12-21 |
Severity
1
CVSS
(AV:L/AC:H/Au:S/C:N/I:N/A:P)
Published
2024-03-10
Added
2024-11-11
Modified
2024-12-21
Description
If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
A flaw was found in the BCC toolset. This issue occurs when extracting kernel headers, it tries to load them from a temporary directory. This issue could allow an attacker to force bcc to load compromised Linux headers by placing malicious headers in the temporary directory, leading to potential security risks, unauthorized access, or system compromise.
A flaw was found in the BCC toolset. This issue occurs when extracting kernel headers, it tries to load them from a temporary directory. This issue could allow an attacker to force bcc to load compromised Linux headers by placing malicious headers in the temporary directory, leading to potential security risks, unauthorized access, or system compromise.
Solution(s)
oracle-linux-upgrade-bccoracle-linux-upgrade-bcc-develoracle-linux-upgrade-bcc-docoracle-linux-upgrade-bcc-toolsoracle-linux-upgrade-libbpf-toolsoracle-linux-upgrade-python3-bcc
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.