In the Linux kernel an privileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. References: http://www.openwall.com/lists/oss-security/2021/08/01/3 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f5e81d1117501546b7be050c5fbafa6efd2c722c https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2039f26f3aca5b0e419b98f65dd36481337b86ee
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1989213]
Marking OCP v3-based services affected/ooss, v4 and quay-io affected/delegated.