Bugzilla – Bug 1221229
VUL-0: CVE-2024-2314: bcc: unprivileged attacker could force bcc to load compromised linux headers
Last modified: 2024-04-16 03:55:10 UTC
If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-2314
https://www.cve.org/CVERecord?id=CVE-2024-2314
https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342
Kernel header extraction is only done when /sys/kernel/kheaders.tar.xz exists[1,2], which in turn depends on the kernel being built with CONFIG_IKHEADERS enabled (m or y).

Our kernel does not enable CONFIG_IKHEADERS, so this vulnerability does not apply to us. Reassigning back to security team.

1: https://github.com/iovisor/bcc/commit/ae92f3ddb6aa5b81c750abf3540b99f24d219e67
2: https://github.com/iovisor/bcc/blob/bc4294d/src/cc/frontends/clang/loader.cc#L219-L222
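
Added example, not part of the bug report and not bcc code: a POSIX shell triage check for the precondition discussed in this bug (the /sys/kernel/kheaders.tar.xz archive and CONFIG_IKHEADERS). The function names, the result labels, the use of /lib/modules/<release>/build/include as the sign of installed headers, and the two config file locations are assumptions of this example.

```shell
#!/bin/sh
# Added triage example. Roots are parameters so the logic can be run against
# a constructed directory tree as well as the live host.

# Print the CONFIG_IKHEADERS value found in a kernel config file:
# y, m, n (absent or "is not set"), or unknown (file unreadable).
ikheaders_setting() {
    cfg=$1
    [ -r "$cfg" ] || { echo unknown; return 0; }
    case $cfg in
        *.gz) val=$(gzip -dc "$cfg" 2>/dev/null | sed -n 's/^CONFIG_IKHEADERS=\([ym]\)$/\1/p') ;;
        *)    val=$(sed -n 's/^CONFIG_IKHEADERS=\([ym]\)$/\1/p' "$cfg") ;;
    esac
    echo "${val:-n}"
}

# Classify a host. Arguments: sysfs root, /lib/modules/<release> dir, config file.
kheaders_exposure() {
    sysfs=$1; moddir=$2; cfg=$3
    if [ -e "$sysfs/kernel/kheaders.tar.xz" ]; then
        # Assumption: installed headers show up as <moddir>/build/include.
        if [ -d "$moddir/build/include" ]; then
            echo headers-installed      # archive exists, but headers are on disk
        else
            echo extraction-reachable   # archive exists and no headers on disk
        fi
    elif [ "$(ikheaders_setting "$cfg")" = m ]; then
        echo module-available           # archive appears once kheaders is loaded
    elif [ "$(ikheaders_setting "$cfg")" = unknown ]; then
        echo config-unknown             # no archive now; build option not readable
    else
        echo not-built                  # no archive present and none loadable
    fi
}

# Live host: use whichever config source is readable (both locations are
# common conventions, not guaranteed to exist).
rel=$(uname -r)
live_cfg=/proc/config.gz
[ -r "$live_cfg" ] || live_cfg="/boot/config-$rel"
kheaders_exposure /sys "/lib/modules/$rel" "$live_cfg"
```

The check covers only the kernel-side precondition; it does not inspect which bcc version is installed.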