{"schema_version":"1.7.2","id":"OESA-2024-2502","modified":"2024-12-06T15:23:34Z","published":"2024-12-06T15:23:34Z","upstream":["CVE-2024-2314"],"summary":"bcc security update","details":"BCC is a toolkit for creating efficient kernel tracing and manipulation programs, and includes several useful tools and examples. It makes use of extended BPF (Berkeley Packet Filters), formally known as eBPF, a new feature that was first added to Linux 3.15. BCC makes BPF programs easier to write, with kernel instrumentation in C (and includes a C wrapper around LLVM), and front-ends in Python and lua. It is suited for many tasks, including performance analysis and network traffic control.\r\n\r\nSecurity Fix(es):\r\n\r\nIf kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.(CVE-2024-2314)","affected":[{"package":{"ecosystem":"openEuler:24.03-LTS","name":"bcc","purl":"pkg:rpm/openEuler/bcc\u0026distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.29.1-3.oe2403"}]}],"ecosystem_specific":{"aarch64":["bcc-0.29.1-3.oe2403.aarch64.rpm","bcc-debuginfo-0.29.1-3.oe2403.aarch64.rpm","bcc-debugsource-0.29.1-3.oe2403.aarch64.rpm","bcc-devel-0.29.1-3.oe2403.aarch64.rpm","bcc-lua-0.29.1-3.oe2403.aarch64.rpm","bcc-tools-0.29.1-3.oe2403.aarch64.rpm"],"noarch":["bcc-help-0.29.1-3.oe2403.noarch.rpm","python3-bpfcc-0.29.1-3.oe2403.noarch.rpm"],"src":["bcc-0.29.1-3.oe2403.src.rpm"],"x86_64":["bcc-0.29.1-3.oe2403.x86_64.rpm","bcc-debuginfo-0.29.1-3.oe2403.x86_64.rpm","bcc-debugsource-0.29.1-3.oe2403.x86_64.rpm","bcc-devel-0.29.1-3.oe2403.x86_64.rpm","bcc-lua-0.29.1-3.oe2403.x86_64.rpm","bcc-tools-0.29.1-3.oe2403.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2502"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2314"}],"database_specific":{"severity":"Low"}}