A flaw in the Linux kernel's bpf implementation allows a local attacker to trigger an integer overflow, resulting in an out-of-bounds write when a hashtable bucket has too many elements inserted. This is limited to users who are able to use the bpf syscall, and is not enabled by default on Red Hat Enterprise Linux kernels.
By default, no action is required. If the system has been configured to allow unprivileged users to use the eBPF subsystem, this can be rectified by issuing the command:
# sysctl -w kernel.unprivileged_bpf_disabled=1
To make this change persistent between boots, insert the same rule using the mechanisms outlined in the man pages for sysctl.d and sysctl.conf.
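One way to verify that the mitigation above is active and will survive a reboot, as an added example that is not part of the original report. The function names and the ROOT prefix are hypothetical; only /etc/sysctl.d/*.conf and /etc/sysctl.conf are inspected, and any non-zero value is assumed to mean unprivileged bpf is disabled.

```shell
#!/bin/sh
# Added example: audit the kernel.unprivileged_bpf_disabled mitigation.
# ROOT is a hypothetical prefix for /proc and /etc so the check can be run
# against a constructed directory tree; leave it unset for the live system.

KEY_RE='kernel\.unprivileged_bpf_disabled'

# Print the runtime value from procfs, or "absent" if the knob does not exist.
bpf_runtime_value() {
    f="${1:-}/proc/sys/kernel/unprivileged_bpf_disabled"
    if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

# Print the last value assigned to the key across the persistent config
# files (sysctl.d files in glob order, then sysctl.conf), or "unset".
bpf_persistent_value() {
    root="${1:-}"
    val=unset
    for f in "$root"/etc/sysctl.d/*.conf "$root"/etc/sysctl.conf; do
        [ -r "$f" ] || continue
        # Match "key = N" lines only; commented-out lines do not match.
        v=$(sed -n -E \
            "s/^[[:space:]]*-?${KEY_RE}[[:space:]]*=[[:space:]]*([0-9]+)[[:space:]]*$/\1/p" \
            "$f" | tail -n 1)
        if [ -n "$v" ]; then val=$v; fi
    done
    echo "$val"
}

# Combine both views into one verdict:
#   no-knob       the sysctl does not exist on this kernel
#   exposed       unprivileged users may call bpf() right now
#   runtime-only  disabled now, but no persistent rule keeps it disabled
#   persistent    disabled now and a persistent rule sets it non-zero
bpf_mitigation_status() {
    rt=$(bpf_runtime_value "${1:-}")
    ps=$(bpf_persistent_value "${1:-}")
    case "$rt" in
        absent) echo no-knob; return 0 ;;
        0)      echo exposed; return 0 ;;
    esac
    case "$ps" in
        unset|0) echo runtime-only ;;
        *)       echo persistent ;;
    esac
}

bpf_mitigation_status "${ROOT:-}"
```

A result of runtime-only means the setting was applied with sysctl -w, or is the kernel's default, but no rule in the inspected files preserves it.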
Reference and upstream patch:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1993191]