https://source.codeaurora.org/quic/la/platform/external/bcc/android-s-v2-beta-3: 1 vulnerabilities (highest severity is: 2.8) #18
Labels
Mend: dependency security vulnerability
Security vulnerability detected by Mend
Comments
mend-for-github-com
bot
added
the
Mend: dependency security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Library home page: https://source.codeaurora.org/quic/la/platform/external/bcc/
Found in HEAD commit: 6090e9c94fc8d21036c8dbe46ea2eace65ed710d
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - https://source.codeaurora.org/quic/la/platform/external/bcc/android-s-v2-beta-3
Library home page: https://source.codeaurora.org/quic/la/platform/external/bcc/
Found in HEAD commit: 6090e9c94fc8d21036c8dbe46ea2eace65ed710d
Found in base branch: develop
Vulnerable Source Files (1)
Vulnerability Details
If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
Publish Date: 2024-03-10
URL: CVE-2024-2314
CVSS 3 Score Details (2.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-2314
Release Date: 2024-03-10
Fix Resolution: 008ea09e891194c072f2a9305a3c872a241dc342
The text was updated successfully, but these errors were encountered: