The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive kernel information address information via crafted bpf system calls.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1454648]
This issue did not affect the versions of the kernel as shipped with Red Hat Enterprise Linux 5, 6,7 and MRG2/realtime kernels.
This issue was resolved with the 4.11.1 and newer kernels for Fedora