The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive kernel information address information via crafted bpf system calls. Upstream patch: https://github.com/torvalds/linux/commit/0d0e57697f162da4aa218b5feafe614fb666db07 External References: https://packetstormsecurity.com/files/142630/GS20170523000807.txt
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1454648]
Statement:
Statement: This issue did not affect the versions of the kernel as shipped with Red Hat Enterprise Linux 5, 6,7 and MRG2/realtime kernels.
This issue was resolved with the 4.11.1 and newer kernels for Fedora