bcc: fix CVE-2024-2314scarthgap

If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-2314 Upstream-patch: https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342 Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
author: Divya Chellam <divya.chellam@windriver.com> 2025-04-04 01:38:39 +0000
committer: Khem Raj <raj.khem@gmail.com> 2025-04-10 17:54:52 -0700
commit: eaa08939eaec9f620b14742ff3ac568553683034 (patch)
tree: 8b58ccb0bd053041bf8655544cb2f94d19085fd7 /dynamic-layers/meta-python/recipes-devtools/bcc/bcc_0.29.1.bb
parent: b9ef02282197380ef05edbd0eb852e1934ceb59b (diff)
download: meta-clang-scarthgap.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/dynamic-layers/meta-python/recipes-devtools/bcc/bcc_0.29.1.bb b/dynamic-layers/meta-python/recipes-devtools/bcc/bcc_0.29.1.bb
index ec3811e..5e912ad 100644
--- a/dynamic-layers/meta-python/recipes-devtools/bcc/bcc_0.29.1.bb
+++ b/dynamic-layers/meta-python/recipes-devtools/bcc/bcc_0.29.1.bb
@@ -25,6 +25,7 @@ SRC_URI = "gitsm://github.com/iovisor/bcc;branch=master;protocol=https \
           file://0001-CMakeLists.txt-don-t-modify-.gitconfig-on-build-host.patch \
           file://run-ptest \
           file://ptest_wrapper.sh \
+           file://CVE-2024-2314.patch \
           "
 SRCREV = "eb8ede2d70b17350757f2570ef76ea4c2e1dbff8"
author	Divya Chellam <divya.chellam@windriver.com>	2025-04-04 01:38:39 +0000
committer	Khem Raj <raj.khem@gmail.com>	2025-04-10 17:54:52 -0700
commit	eaa08939eaec9f620b14742ff3ac568553683034 (patch)
tree	8b58ccb0bd053041bf8655544cb2f94d19085fd7 /dynamic-layers/meta-python/recipes-devtools/bcc/bcc_0.29.1.bb
parent	b9ef02282197380ef05edbd0eb852e1934ceb59b (diff)
download	meta-clang-scarthgap.tar.gz

diff --git a/dynamic-layers/meta-python/recipes-devtools/bcc/bcc_0.29.1.bb b/dynamic-layers/meta-python/recipes-devtools/bcc/bcc_0.29.1.bb index ec3811e..5e912ad 100644 --- a/dynamic-layers/meta-python/recipes-devtools/bcc/bcc_0.29.1.bb +++ b/dynamic-layers/meta-python/recipes-devtools/bcc/bcc_0.29.1.bb
@@ -25,6 +25,7 @@ SRC_URI = "gitsm://github.com/iovisor/bcc;branch=master;protocol=https \
25	file://0001-CMakeLists.txt-don-t-modify-.gitconfig-on-build-host.patch \	25	file://0001-CMakeLists.txt-don-t-modify-.gitconfig-on-build-host.patch \
26	file://run-ptest \	26	file://run-ptest \
27	file://ptest_wrapper.sh \	27	file://ptest_wrapper.sh \
		28	file://CVE-2024-2314.patch \
28	"	29	"
29		30
30	SRCREV = "eb8ede2d70b17350757f2570ef76ea4c2e1dbff8"	31	SRCREV = "eb8ede2d70b17350757f2570ef76ea4c2e1dbff8"