A bug was found in the x86 BPF JIT compiler. A bpf_tail_call with a key larger than the max_entries of the map can cause an out-of-bounds access when the x86 JIT compiler tries to index bpf_array->ptr using the invalid key.

References:
https://www.openwall.com/lists/oss-security/2022/08/26/1
https://lore.kernel.org/bpf/984b37f9fdf7ac36831d2137415a4a915744c1b6.1661462653.git.daniel@iogearbox.net/
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2121801]
This was fixed for Fedora with the 5.19.6 stable kernel updates.