redhatcve | Redhat.com | RH:CVE-2020-8835
History: Apr 04, 2020 - 5:33 p.m.

CVE-2020-8835


EPSS: 0.001 (Low)
Percentile: 36.5%

An out-of-bounds access flaw was found in the Linux kernel's implementation of the eBPF code verifier, which calculates register bounds incorrectly while checking 32-bit instructions in an eBPF program. This flaw allows an unprivileged user or process to execute eBPF programs that crash the kernel, resulting in a denial of service, or to potentially gain root privileges on the system.

Mitigation

The Linux kernel versions as shipped with Red Hat Enterprise Linux 5, 6, 7, 8 and Red Hat Enterprise Linux MRG 2 are not affected because they did not backport the commit

581738a681b6 ("bpf: Provide better register bounds after jmp32 instructions")

which introduced this issue. Also, by default, unprivileged users are not allowed to access the bpf(2) syscall.

The Fedora kernel allows unprivileged users to access the bpf(2) syscall by default and is prone to this issue. To disable unprivileged access to the bpf(2) syscall, set the following sysctl(8) variable:

sysctl -w kernel.unprivileged_bpf_disabled=1
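
A setting made with sysctl -w lasts only until the next reboot. The following audit script is an added example, not part of the Red Hat advisory: it reports the runtime value of the variable and whether a sysctl configuration file persists it. The function names and the optional ROOT argument (a directory tree to inspect instead of the live system) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Red Hat's code): audit the bpf(2) mitigation state.
# The optional ROOT argument is an assumption made for testing: it points the
# checks at a constructed file tree instead of the live system.

# Print the runtime state of kernel.unprivileged_bpf_disabled.
bpf_runtime_state() {
    f="${1:-}/proc/sys/kernel/unprivileged_bpf_disabled"
    [ -r "$f" ] || { echo absent; return 0; }   # knob not exposed or unreadable
    case "$(cat "$f")" in
        0) echo allowed ;;    # unprivileged users may call bpf(2)
        1) echo locked ;;     # disabled; cannot be re-enabled until reboot
        2) echo disabled ;;   # disabled; root may change it (kernels 5.13+)
        *) echo unknown ;;
    esac
}

# Succeed if a config file sets the sysctl to 1 or 2, so it survives a reboot.
# Simplification: only /etc/sysctl.conf and /etc/sysctl.d/*.conf are searched.
bpf_persisted() {
    r="${1:-}"
    grep -Eqs '^[[:space:]]*kernel\.unprivileged_bpf_disabled[[:space:]]*=[[:space:]]*[12][[:space:]]*$' \
        "$r/etc/sysctl.conf" "$r"/etc/sysctl.d/*.conf
}

# Return 0 = mitigated and persistent, 1 = exposed,
#        2 = mitigated until reboot only, 3 = state could not be determined.
bpf_mitigation_audit() {
    state=$(bpf_runtime_state "${1:-}")
    case "$state" in
        allowed)
            echo "EXPOSED: unprivileged bpf(2) is allowed"; return 1 ;;
        absent|unknown)
            echo "UNKNOWN: could not read unprivileged_bpf_disabled"; return 3 ;;
    esac
    if bpf_persisted "${1:-}"; then
        echo "OK: unprivileged bpf(2) $state and persisted"; return 0
    fi
    echo "WARN: unprivileged bpf(2) $state but not persisted in sysctl config"; return 2
}
```

Call bpf_mitigation_audit with no argument to check the running system; a return code of 2 means the sysctl -w setting will be lost at the next reboot unless it is also written to a sysctl configuration file.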