In the Linux kernel, the following vulnerability has been resolved:

bpf: put bpf_link's program when link is safe to be deallocated

The Linux kernel CVE team has assigned CVE-2024-56786 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2025010808-CVE-2024-56786-1f56@gregkh/T
This CVE has been rejected by the Linux kernel community. Refer to the announcement: https://lore.kernel.org/linux-cve-announce/2025061920-REJECTED-c79f@gregkh/

The default Red Hat Enterprise Linux kernel prevents unprivileged users from being able to use eBPF through the kernel.unprivileged_bpf_disabled sysctl. This would require a privileged user with CAP_SYS_ADMIN or root to be able to abuse this flaw, reducing its attack space.

To confirm the current state on Red Hat Enterprise Linux 9, inspect the sysctl with the command:

    cat /proc/sys/kernel/unprivileged_bpf_disabled

The setting of 1 would mean that unprivileged users cannot use eBPF, mitigating the flaw.

Comment added by: Automated Script
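The sysctl check described in the comment above, extended into a small audit that also looks for persistent configuration that assigns 0 to the knob. This is an added example, not part of the Red Hat comment or of any Red Hat tooling; the function names and the ROOT prefix argument are hypothetical, and the meanings of values 0 and 2 come from the upstream kernel sysctl documentation rather than from this page.

```shell
#!/bin/sh
# Added example (not from the advisory): audit kernel.unprivileged_bpf_disabled.
# ROOT is a hypothetical prefix ("" = live system) so a mounted image or a
# test fixture can be audited the same way, e.g.:  audit_unpriv_bpf ""

# Map the sysctl value to a state (values per the upstream kernel sysctl docs).
classify_bpf_sysctl() {
    case "$1" in
        0) echo exposed ;;   # unprivileged bpf() calls are allowed
        1) echo locked ;;    # disabled; cannot be changed again until reboot
        2) echo disabled ;;  # disabled; a privileged user can still change it
        *) echo unknown ;;
    esac
}

# Print every sysctl config file under ROOT that assigns 0 to the knob.
# Ordering/precedence between files is not evaluated; any hit is reported.
files_enabling_unpriv_bpf() {
    for f in "$1"/etc/sysctl.conf "$1"/etc/sysctl.d/*.conf \
             "$1"/usr/lib/sysctl.d/*.conf "$1"/run/sysctl.d/*.conf; do
        [ -f "$f" ] || continue
        grep -Eq '^[[:space:]]*kernel[./]unprivileged_bpf_disabled[[:space:]]*=[[:space:]]*0[[:space:]]*$' "$f" \
            && echo "$f"
    done
    return 0
}

# Return 0 only if the running value blocks unprivileged eBPF and no
# persistent config file assigns 0; return 1 otherwise, 2 if unreadable.
audit_unpriv_bpf() {
    knob="$1/proc/sys/kernel/unprivileged_bpf_disabled"
    [ -r "$knob" ] || { echo "cannot read $knob"; return 2; }
    state=$(classify_bpf_sysctl "$(cat "$knob")")
    offenders=$(files_enabling_unpriv_bpf "$1")
    echo "runtime: $state"
    [ -n "$offenders" ] && echo "config assigns 0: $offenders"
    case "$state" in
        locked|disabled) [ -z "$offenders" ] ;;
        *) return 1 ;;
    esac
}
```
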
This issue has been addressed in the following products:

Red Hat Enterprise Linux 9

Via RHSA-2025:20518 https://access.redhat.com/errata/RHSA-2025:20518