A bug inside the bloom filter results in a NULL pointer dereference when the map_get_next_key function inside BPF code is executed by a local user. This is new (fresh) bloom filter functionality of eBPF that is in effect starting from this commit: https://lore.kernel.org/bpf/20210921210225.4095056-2-joannekoong@fb.com/ Reference to the patch: https://lore.kernel.org/bpf/d5776f5d-3416-4e3b-8751-8a5a9e6a0d4d@iogearbox.net/T/
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2048262]
Services not affected per kernel analysis.
This bug was introduced in 5.16 kernels and a fix was included in 5.16.3 upstream. It was never shipped as an update to stable Fedora users.