Another vulnerability in the eBPF subsystem that allows privilege escalation

Another vulnerability has been identified in the eBPF subsystem (no CVE identifier yet) which, like yesterday's problem, allows a local unprivileged user to execute code at the Linux kernel level. The problem has been present since the Linux 5.8 kernel and remains unfixed. Publication of a working exploit is promised for January 18.

The new vulnerability is caused by incorrect verification of eBPF programs submitted for execution. In particular, the eBPF verifier did not properly restrict some *_or_null pointer types, which made it possible to manipulate pointers from eBPF programs and escalate privileges.
To block exploitation of the vulnerability, it is proposed to prohibit unprivileged users from running BPF programs with the command “sysctl -w kernel.unprivileged_bpf_disabled=1”.
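A host check built on the two facts above (affected from Linux 5.8, mitigated by the sysctl), as an added example that is not part of the original report. The function name `bpf_exposure` and the drop-in file name are assumptions; treating the value 2 as mitigated follows the kernel's sysctl documentation, not this page.

```shell
#!/bin/sh
# Added example: classify a host's exposure from two inputs.
#   $1 = kernel release string, as printed by `uname -r`
#   $2 = value of kernel.unprivileged_bpf_disabled ("" if the sysctl is absent)
# Prints one of: not-affected, exposed, mitigated, unknown
bpf_exposure() {
    rel=$1
    val=$2
    # Keep only the leading "major.minor" numbers of the release string.
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%[!0-9]*}
    case $major in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    case $minor in '') echo unknown; return 0 ;; esac
    # The report says the flaw appears in Linux 5.8 and is not yet fixed,
    # so there is no upper version bound to test against.
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo not-affected
        return 0
    fi
    case $val in
        0)   echo exposed ;;    # unprivileged users may load BPF programs
        1|2) echo mitigated ;;  # unprivileged bpf() calls are refused
        *)   echo unknown ;;    # sysctl missing or unreadable
    esac
}

# Evaluate the local machine.
release=$(uname -r)
setting=$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null || true)
status=$(bpf_exposure "$release" "$setting")
echo "kernel $release, unprivileged_bpf_disabled='$setting': $status"

if [ "$status" = exposed ]; then
    # `sysctl -w` only lasts until reboot; a sysctl.d drop-in makes it persistent.
    # The file name below is a hypothetical choice.
    echo "apply now: sysctl -w kernel.unprivileged_bpf_disabled=1"
    echo "persist:   echo 'kernel.unprivileged_bpf_disabled = 1' > /etc/sysctl.d/99-disable-unpriv-bpf.conf"
fi
```
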
