Linux · Linux Kernel · CVE-2021-4001
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 5.16-rc2
**Description**
A race condition was found in the Linux kernel's eBPF verifier between `bpf_map_update_elem` and `bpf_map_freeze` due to a missing lock in `kernel/bpf/syscall.c`. This issue allows a local user with special privileges, such as `CAP_SYS_ADMIN` or `CAP_BPF`, to modify the frozen mapped address space, potentially compromising data integrity.
**Recommendations**
For Linux kernel versions prior to 5.16-rc2, update to version 5.16-rc2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `bpf_map_update_elem` and `bpf_map_freeze` functions until a patch is available. Additionally, limiting privileges so that local users cannot obtain the `CAP_SYS_ADMIN` or `CAP_BPF` capabilities can help minimize the risk of exploitation.
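One way to check a host against both recommendations, as an added example that is not part of the original advisory: it compares a `uname -r` string with 5.16-rc2 and lists processes whose effective capability mask holds `CAP_SYS_ADMIN` or `CAP_BPF`. The function names and the sample process data are constructed for illustration, and the version check assumes no vendor backport, which a release string cannot show.

```python
import re

CAP_SYS_ADMIN = 21     # bit numbers from linux/capability.h
CAP_BPF = 39
FIXED = (5, 16, 0, 2)  # 5.16-rc2, the fixed version named in the advisory
FINAL = 10**6          # sorts a final release after all of its -rc builds

def release_key(release):
    """Turn a `uname -r` string into a sortable (major, minor, patch, rc) tuple."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0), int(rc) if rc else FINAL)

def predates_fix(release):
    """True when the upstream version is older than 5.16-rc2.
    Assumption: no vendor backport; the release string cannot reveal one."""
    return release_key(release) < FIXED

def held_caps(status_text):
    """Advisory-relevant capabilities set in a /proc/<pid>/status CapEff mask."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)$", status_text, re.MULTILINE)
    mask = int(m.group(1), 16) if m else 0
    wanted = (("CAP_SYS_ADMIN", CAP_SYS_ADMIN), ("CAP_BPF", CAP_BPF))
    return [name for name, bit in wanted if mask >> bit & 1]

def audit(release, statuses):
    """Map process name -> capabilities to review; empty when the kernel is fixed."""
    if not predates_fix(release):
        return {}
    report = {}
    for text in statuses:
        caps = held_caps(text)
        if caps:
            name = re.search(r"^Name:\s*(.+)$", text, re.MULTILINE)
            report[name.group(1) if name else "?"] = caps
    return report

# Constructed sample input (not captured from a real host).
SAMPLE = [
    "Name:\tsshd\nCapEff:\t000001ffffffffff\n",       # full set, as for root
    "Name:\tbpf-agent\nCapEff:\t0000008000000000\n",  # only bit 39, CAP_BPF
    "Name:\tnginx\nCapEff:\t0000000000000400\n",      # only CAP_NET_BIND_SERVICE
]

if __name__ == "__main__":
    for proc, caps in audit("5.15.0-91-generic", SAMPLE).items():
        print(proc, ",".join(caps))
```

On a live system the same functions can be fed `os.uname().release` and the contents of each `/proc/<pid>/status` file.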