跳转到帖子

Amazon Linux 2023: CVE-2024-2314: Low priority package update for bcc

recommended_posts

发布于
  • Members

Amazon Linux 2023: CVE-2024-2314: Low priority package update for bcc

Severity
1
CVSS
(AV:L/AC:H/Au:S/C:N/I:N/A:P)
Published
03/10/2024
Created
02/14/2025
Added
02/14/2025
Modified
02/14/2025

Description

If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default. A flaw was found in the BCC toolset. This issue occurs when extracting kernel headers, it tries to load them from a temporary directory. This issue could allow an attacker to force bcc to load compromised Linux headers by placing malicious headers in the temporary directory, leading to potential security risks, unauthorized access, or system compromise.

Solution(s)

  • amazon-linux-2023-upgrade-bcc
  • amazon-linux-2023-upgrade-bcc-debuginfo
  • amazon-linux-2023-upgrade-bcc-debugsource
  • amazon-linux-2023-upgrade-bcc-devel
  • amazon-linux-2023-upgrade-bcc-doc
  • amazon-linux-2023-upgrade-bcc-tools
  • amazon-linux-2023-upgrade-bcc-tools-debuginfo
  • amazon-linux-2023-upgrade-libbpf-tools
  • amazon-linux-2023-upgrade-libbpf-tools-debuginfo
  • amazon-linux-2023-upgrade-python3-bcc

References

  • https://attackerkb.com/topics/cve-2024-2314
  • CVE - 2024-2314
  • https://alas.aws.amazon.com/AL2023/ALAS-2024-626.html
  • 查看数 704
  • 已创建
  • 最后回复

参与讨论

你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。
注意:你的帖子需要版主批准后才能看到。

游客
回帖…