Linux · Linux Kernel · CVE-2021-20194
Name of the Vulnerable Software and Affected Versions:
Linux kernel 5.3 and later (the cgroup BPF getsockopt hook that carries the bug was introduced in 5.3), when built with the configuration described below.
Description:
The vulnerability is in the Linux kernel's cgroup BPF getsockopt hook. It is reachable when the kernel is built with CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y, CONFIG_CGROUPS=y and CONFIG_CGROUP_BPF=y, CONFIG_HARDENED_USERCOPY is not set, and a BPF program has been attached to the getsockopt hook of a cgroup. A local user whose process runs inside that cgroup can then issue a getsockopt() call that triggers a bug in `__cgroup_bpf_run_filter_getsockopt()`: the length used to copy the option value between the kernel's heap buffer and user memory is not properly bounded, and because hardened usercopy is disabled nothing verifies that the copy stays inside the heap object, so the result is a heap overflow. The impact is denial of service or possibly privilege escalation.
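The following is an added userland model of the failure class described above, not code from the kernel or from the CVE advisory. It reproduces, in a few lines, the shape of the problem in `__cgroup_bpf_run_filter_getsockopt()`: a BPF program is allowed to rewrite the option length (`ctx.optlen`, a signed 32-bit field in `struct bpf_sockopt`), the kernel then copies that many bytes out of a heap buffer of size `max_optlen`, and the length validation must therefore reject both oversized and negative values. The model assumes the defect is a one-sided bounds check (only the upper bound tested); the names `check_optlen_vulnerable`, `check_optlen_hardened`, `model_copy_to_user` and `run_getsockopt_tail` are this example's own, and `model_copy_to_user` plays the role that CONFIG_HARDENED_USERCOPY plays in a real kernel, refusing a copy whose source range leaves the heap object instead of silently reading past it.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size of the kernel-side option buffer in this model. It stands in for
 * max_optlen, which the real hook derives from the caller's optlen. */
#define MODEL_MAX_OPTLEN 16

/* Sentinel for "hardened usercopy aborted the copy"; chosen outside the
 * errno range so it cannot be confused with -EFAULT or -EPERM. */
#define MODEL_USERCOPY_ABORT (-1000)

/* Model of the vulnerable validation: only the upper bound is tested.
 * optlen is a signed int (struct bpf_sockopt stores it as __s32), so a
 * negative value written by the BPF program passes this test and is later
 * consumed as an unsigned size_t by the copy routine. (Assumed shape of
 * the bug; not a transcription of the kernel function.) */
static int check_optlen_vulnerable(int optlen, int max_optlen)
{
    if (optlen > max_optlen)
        return -EFAULT;
    return 0;
}

/* Hardened validation: anything outside [0, max_optlen] is rejected. */
static int check_optlen_hardened(int optlen, int max_optlen)
{
    if (optlen < 0 || optlen > max_optlen)
        return -EFAULT;
    return 0;
}

/* Stand-in for copy_to_user() with CONFIG_HARDENED_USERCOPY enabled: the
 * copy is refused when the source range does not fit the heap object.
 * Returns bytes copied, or MODEL_USERCOPY_ABORT where a hardened kernel
 * would warn and stop. Without hardened usercopy the memcpy would simply
 * run with the oversized length and read past the end of ksrc. */
static long model_copy_to_user(unsigned char *udst, size_t udst_len,
                               const unsigned char *ksrc, size_t ksrc_len,
                               size_t n)
{
    if (n > ksrc_len || n > udst_len)
        return MODEL_USERCOPY_ABORT;
    memcpy(udst, ksrc, n);
    return (long)n;
}

/* Post-program tail of the hook: validate the length the BPF program left
 * in ctx.optlen, then copy that many bytes from the kernel buffer to the
 * user buffer. prog_optlen is the value the (simulated) program stored.
 * Returns bytes delivered to user space, -EFAULT if the check rejected the
 * length, or MODEL_USERCOPY_ABORT if the copy would overrun the buffer. */
static long run_getsockopt_tail(int (*check)(int, int), int prog_optlen)
{
    int max_optlen = MODEL_MAX_OPTLEN;
    unsigned char *kbuf = calloc((size_t)max_optlen, 1);
    unsigned char ubuf[64];
    long ret;

    if (!kbuf)
        return -ENOMEM;
    memset(kbuf, 0x41, (size_t)max_optlen);  /* pretend the socket filled it */

    ret = check(prog_optlen, max_optlen);
    if (ret == 0)
        ret = model_copy_to_user(ubuf, sizeof ubuf, kbuf,
                                 (size_t)max_optlen, (size_t)prog_optlen);
    free(kbuf);
    return ret;
}

int main(void)
{
    /* A well-behaved program trims the option to 8 bytes: both checks accept it. */
    printf("hardened, optlen=8  -> %ld\n", run_getsockopt_tail(check_optlen_hardened, 8));
    /* An oversized length is caught by both checks. */
    printf("vulnerable, optlen=32 -> %ld\n", run_getsockopt_tail(check_optlen_vulnerable, 32));
    /* A negative length slips through the one-sided check and becomes SIZE_MAX
     * at the copy; only hardened usercopy (modelled here) stops it. */
    printf("vulnerable, optlen=-1 -> %ld\n", run_getsockopt_tail(check_optlen_vulnerable, -1));
    printf("hardened, optlen=-1   -> %ld\n", run_getsockopt_tail(check_optlen_hardened, -1));
    return 0;
}
```

The point the model makes is the one the advisory's preconditions encode: the broken length check and the absence of CONFIG_HARDENED_USERCOPY are both needed, because the hardened copy path would refuse the oversized copy even though the check let it through.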
Recommendations:
This page has no information about a kernel release that contains a fix; install the kernel update your distribution publishes for CVE-2021-20194 as soon as it is available. Until then, reduce exposure on kernels 5.3 and later as follows. First, find out whether any BPF program is attached to a cgroup getsockopt hook (attach type BPF_CGROUP_GETSOCKOPT; `bpftool cgroup tree` lists the programs attached to each cgroup). Only a privileged component can install such a program, so if one is present and its function is not needed, detach it or stop the service that installs it; with no program attached, the vulnerable code path is not reached. Second, run a kernel built with CONFIG_HARDENED_USERCOPY=y: the vulnerability is only reported as exploitable when that option is off, because hardened usercopy checks that a copy to user space stays within the source heap object and aborts the oversized copy. Note that the hook runs for every getsockopt() call made from inside the cgroup, so asking users to avoid getsockopt() is not a workaround an administrator can enforce against an untrusted local user; removing the hook or hardening the copy path is.