A flaw was found in the Linux kernel’s BPF subsystem, where protection against speculative execution attacks (Spectre mitigation) can be bypassed. The highest threat from this vulnerability is to confidentiality.

Mitigation

The default Red Hat Enterprise Linux kernel setting prevents unprivileged users from being able to use eBPF via the kernel.unprivileged_bpf_disabled sysctl. As such, exploiting this issue would require a privileged user with CAP_SYS_ADMIN or root.

For the Red Hat Enterprise Linux 7 the eBPF for unprivileged users is always disabled. For the Red Hat Enterprise Linux 8 to confirm the current state, inspect the sysctl with the command:

cat /proc/sys/kernel/unprivileged_bpf_disabled

The setting of 1 (default) would mean that unprivileged users cannot use eBPF. Otherwise, to disable eBPF for unprivileged users, add:

kernel.unprivileged_bpf_disabled = 1

To the file "/etc/sysctl.d/disable-ebpf.conf"

Then running the following command as root:

sudo sysctl --system