Linux · Linux Kernel Bpf · CVE-2022-2785
**Name of the Vulnerable Software and Affected Versions**
Linux Kernel BPF (affected versions not specified)
**Description**
The issue is related to an arbitrary memory read within the Linux Kernel BPF. Constants provided to fill pointers in structs passed to `bpf sys bpf` are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP BPF can arbitrarily read memory from anywhere on the system.
**Recommendations**
To resolve the issue, upgrade past commit 86f44fcec22c.
As a temporary workaround, consider restricting the use of the `bpf sys bpf` function until a patch is available.
Restrict access to the BPF subsystem to minimize the risk of exploitation.