A flaw in the Linux kernel's bpf implementation allows a local attacker to create an integer overflow resulting in an out-of-bounds write when a hashtable bucket has too many elements inserted. This is limited to users who are able to use the bpf syscall, and is not enabled by default on Red Hat Enterprise Linux kernels.

By default there is no action required. If the system has been configured to allow unprivileged users to use the ebpf subsystem, this can be rectified by issuing the command:

# sysctl -w kernel.unprivileged_bpf_disabled=1

To make these changes persistent between boots, insert the same rule using the mechanisms outlined in the man pages for sysctl.d and sysctl.conf.

Reference and upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=c4eb1f403243fc7bbb7de644db8587c03de36da6
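
A check for the mitigation described above, added here as an example (it is not part of the original advisory): it reports the runtime value of kernel.unprivileged_bpf_disabled and whether a sysctl.conf or sysctl.d entry makes it persistent. The function names and the ROOT argument are assumptions of this example, and sysctl.d file precedence is not modelled.

```shell
#!/bin/sh
# Added example: audit the kernel.unprivileged_bpf_disabled mitigation.
# ROOT (first argument, default empty = live system) is an assumed parameter
# so the check can also run against a mounted image or a constructed tree.

# Matches "kernel.unprivileged_bpf_disabled =" (dot or slash form, optional
# leading "-"); commented-out lines do not match.
KEY_RE='^[[:space:]]*-?kernel[./]unprivileged_bpf_disabled[[:space:]]*='

# Runtime value: prints "restricted", "exposed" (value 0) or "absent".
bpf_runtime_state() {
    f="${1:-}/proc/sys/kernel/unprivileged_bpf_disabled"
    if [ ! -r "$f" ]; then echo absent; return 0; fi
    if [ "$(cat "$f")" = "0" ]; then echo exposed; else echo restricted; fi
}

# Persistent config: prints "missing" if no file sets the key, "conflict" if
# any file sets it to 0, "restricted" otherwise.
# Simplification: any assignment of 0 is flagged, whichever file would win.
bpf_persist_state() {
    root="${1:-}"
    found=0
    zero=0
    for f in "$root/etc/sysctl.conf" "$root"/etc/sysctl.d/*.conf \
             "$root"/run/sysctl.d/*.conf "$root"/usr/lib/sysctl.d/*.conf; do
        if [ ! -f "$f" ]; then continue; fi
        vals=$(grep -E "$KEY_RE" "$f" |
               sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//')
        for v in $vals; do
            found=1
            if [ "$v" = "0" ]; then zero=1; fi
        done
    done
    if [ "$found" -eq 0 ]; then echo missing
    elif [ "$zero" -eq 1 ]; then echo conflict
    else echo restricted
    fi
}

# Stand-alone use: report both states for the live system.
echo "runtime:    $(bpf_runtime_state)"
echo "persistent: $(bpf_persist_state)"
```

A result of "restricted" at runtime with "missing" for the persistent state means the setting will be lost at the next boot.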
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1993191]