The bpf verifier in the Linux kernel is vulnerable to arbitrary code execution. A local attacker with the ability to load malicious bpf programs is able to exploit an out-of-bounds read through the bpf verifier and execute arbitrary code on the host OS.
packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html
packetstormsecurity.com/files/164950/Kernel-Live-Patch-Security-Notice-LSN-0082-1.html
www.openwall.com/lists/oss-security/2021/03/23/2
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9b00f1b78809
git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2021-3444
lists.debian.org/debian-lts-announce/2021/10/msg00010.html
security.netapp.com/advisory/ntap-20210416-0006/
www.openwall.com/lists/oss-security/2021/03/23/2