An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c mishandles bounds tracking during use of 64-bit values. Reference and upstream patch: https://github.com/torvalds/linux/commit/5b9fbeb75b6a98955f628e205ac26689bcb1383e
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1889479]
This was fixed for Fedora with the 5.8.15 stable kernel updates.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-27194
Statement: This flaw is rated as having a Moderate impact because in the default configuration, the issue can only be triggered by a privileged local user.
Mitigation: For Red Hat Enterprise Linux, the Berkeley Packet Filter is available only for privileged users. However, if it has been enabled for unprivileged users, the mitigation is to disable unprivileged access to BPF using the following sysctl: kernel.unprivileged_bpf_disabled=1.
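The following script is an added example, not part of the advisory or of any Red Hat tooling: it combines the "before 5.8.15" version bound and the sysctl from the mitigation above into one host check. The function names and result labels are hypothetical, and the version comparison assumes upstream version numbering, so a distribution kernel that backported the fix under an older version string will still be reported as affected.

```shell
#!/bin/sh
# Added example: classify a host for CVE-2020-27194 from its kernel release
# and the value of kernel.unprivileged_bpf_disabled.

FIXED="5.8.15"   # first fixed release, as stated in the advisory

# version_lt A B: succeeds when version A sorts strictly before B.
# Components are compared numerically, so 5.8.9 < 5.8.15 (a string compare
# would get this wrong). Anything after the first "-" (distro suffix) is ignored.
version_lt() {
    awk -v a="${1%%-*}" -v b="${2%%-*}" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "less than"
    }'
}

# assess RELEASE SYSCTL_VALUE
#   fixed                 kernel is at or past the fixed release
#   unprivileged-exposed  affected kernel, sysctl is 0 (unprivileged BPF allowed)
#   privileged-only       affected kernel, sysctl is non-zero (mitigation active)
#   check-manually        affected kernel, sysctl value could not be read
assess() {
    if ! version_lt "$1" "$FIXED"; then
        echo "fixed"
    elif [ "$2" = "0" ]; then
        echo "unprivileged-exposed"
    elif [ -z "$2" ] || [ "$2" = "unknown" ]; then
        echo "check-manually"
    else
        echo "privileged-only"
    fi
}

# Live check of the current host (read-only).
val=$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null || echo unknown)
echo "$(uname -r): $(assess "$(uname -r)" "$val")"

# To apply the mitigation on an exposed host (as root):
#   sysctl -w kernel.unprivileged_bpf_disabled=1
# and add the same key=value line to a file under /etc/sysctl.d/ so it
# persists across reboots.
```

A result of privileged-only matches the default configuration described in the Statement; the kernel update is still the actual fix.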