A flaw was found in the Linux kernel's eBPF verification code. It was discovered that eBPF ALU32 bounds tracking for bitwise ops (AND, OR, and XOR) did not update the 32-bit bounds. By default, the eBPF verifier is only accessible to privileged users with CAP_SYS_ADMIN. A local user with the ability to insert eBPF instructions could use this flaw to crash the system or possibly escalate their privileges on the system.
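Why bounds that are not updated after a bitwise op are a soundness problem, shown as an added example: this is a simplified model, not kernel code and not part of the original advisory. The type `bounds32`, the function names, the sample ranges and the interval rules in `updated` are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model: unsigned 32-bit range a verifier believes a register holds.
 * Hypothetical type, not the kernel's register state. */
struct bounds32 { uint32_t min, max; };

static uint32_t apply(char op, uint32_t x, uint32_t imm) {
    return op == '&' ? (x & imm) : op == '|' ? (x | imm) : (x ^ imm);
}

/* Behaviour described in the advisory: the bitwise op executes, but the
 * 32-bit bounds stay as they were before the instruction. */
static struct bounds32 stale(char op, struct bounds32 in, uint32_t imm) {
    (void)op; (void)imm;
    return in;
}

/* Conservative interval rules chosen for this model (an assumption, not
 * the kernel's algorithm): x&imm <= min(x,imm); x|imm >= max(x,imm);
 * x|imm and x^imm are both <= x+imm. */
static struct bounds32 updated(char op, struct bounds32 in, uint32_t imm) {
    uint64_t sum = (uint64_t)in.max + imm;
    struct bounds32 out = { 0, sum > UINT32_MAX ? UINT32_MAX : (uint32_t)sum };
    if (op == '&') out.max = in.max < imm ? in.max : imm;
    if (op == '|') out.min = in.min > imm ? in.min : imm;
    return out;
}

typedef struct bounds32 (*xfer_fn)(char, struct bounds32, uint32_t);

/* Count concrete inputs whose runtime result falls outside the claimed
 * range; any non-zero count means the tracked bounds are unsound. */
static uint32_t violations(xfer_fn f, char op, struct bounds32 in, uint32_t imm) {
    struct bounds32 claim = f(op, in, imm);
    uint32_t bad = 0;
    for (uint64_t v = in.min; v <= in.max; v++) {
        uint32_t r = apply(op, (uint32_t)v, imm);
        if (r < claim.min || r > claim.max) bad++;
    }
    return bad;
}

int main(void) {
    struct bounds32 in = { 8, 15 };   /* constructed sample range */
    printf("AND 3: stale=%u updated=%u\n",
           violations(stale, '&', in, 3), violations(updated, '&', in, 3));
    return 0;
}
```

Stale bounds are not always wrong: for an input range starting at 0, an AND result still fits the old range, so the model reports no violation there and the bounds are merely imprecise.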