{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-2314","assignerOrgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","state":"PUBLISHED","assignerShortName":"canonical","dateReserved":"2024-03-07T23:54:22.362Z","datePublished":"2024-03-10T22:54:31.563Z","dateUpdated":"2024-10-30T18:04:20.999Z"},"containers":{"cna":{"affected":[{"packageName":"bcc","product":"BPF Compiler Collection","vendor":"IOVisor","repo":"https://github.com/iovisor/bcc","platforms":["Linux"],"versions":[{"status":"affected","version":"0","lessThan":"008ea09e891194c072f2a9305a3c872a241dc342","versionType":"commit-id"}]}],"descriptions":[{"lang":"en","value":"If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default."}],"references":[{"tags":["patch"],"url":"https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342"},{"tags":["issue-tracking"],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314"}],"credits":[{"lang":"en","type":"finder","value":"Mark Esler"},{"lang":"en","type":"analyst","value":"Seth Arnold"},{"lang":"en","type":"remediation developer","value":"Brendan Gregg"}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L","baseScore":2.8,"baseSeverity":"LOW"}}],"providerMetadata":{"orgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","shortName":"canonical","dateUpdated":"2024-03-10T22:54:31.563Z"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T19:11:53.466Z"},"title":"CVE Program Container","references":[{"tags":["patch","x_transferred"],"url":"https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342"},{"tags":["issue-tracking","x_transferred"],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314"}]},{"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-noinfo Not enough information"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-22T19:00:41.028958Z","id":"CVE-2024-2314","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-30T18:04:20.999Z"}}]}}