Adam Morrison

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.12.13 **Description** The issue is related to a branch misprediction in the Linux kernel's eBPF subsystem, which can be exploited via a side-channel attack, allowing an unprivileged BPF program to read arbitrary memory locations. This vulnerability is connected to type confusion and can be used to bypass protection against Spectre-class attacks, potentially leading to unauthorized access to protected information. The exploitation requires manipulating BPF programs to generate specific instructions that can lead to speculative execution and memory leakage through side channels. **Recommendations** For Linux kernel versions prior to 5.12.13, update to version 5.12.13 or later to resolve the issue. As a temporary workaround, consider restricting the use of the eBPF subsystem until a patch is applied. Avoid using BPF programs that can be manipulated to generate instructions leading to speculative execution and memory leakage.