Description
Vulnerable Library - https://source.codeaurora.org/quic/la/platform/external/bcc/android-s-v2-beta-3
Library home page: https://source.codeaurora.org/quic/la/platform/external/bcc/
Found in HEAD commit: 6090e9c94fc8d21036c8dbe46ea2eace65ed710d
Vulnerabilities
| CVE | Severity | Dependency | Type | Fixed in (https://source.codeaurora.org/quic/la/platform/external/bcc/android-s-v2-beta version) | Remediation Possible** |
|---|---|---|---|---|---|
| CVE-2024-2314 | 2.8 | https://source.codeaurora.org/quic/la/platform/external/bcc/android-s-v2-beta-3 | Direct | 008ea09e891194c072f2a9305a3c872a241dc342 | ❌ |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation.
Details
CVE-2024-2314
Found in base branch: develop
Vulnerable Source Files (1)
/src/cc/frontends/clang/kbuild_helper.cc
Vulnerability Details
If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised Linux headers. Linux distributions which provide kernel headers by default are not affected by default.
Publish Date: 2024-03-10
URL: CVE-2024-2314
CVSS 3 Score Details (2.8)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: High
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: Low
Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-2314
Release Date: 2024-03-10
Fix Resolution: 008ea09e891194c072f2a9305a3c872a241dc342