The bug inside bloom filter.
Results in Null Pointer Dereference when map_get_next_key function inside BPF code being executed by local user.
This is new (fresh) bloom filter functionality of the eBPF that is actual starting from this commit:
Reference to the patch:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2048262]
Services notaffected per kernel analysis.
This bug was introduced in 5.16 kernels and a fix was included in 5.16.3 upstream. It was never shipped as an update to stable Fedora users.