CVE-2022-2785

Name of the Vulnerable Software and Affected Versions Linux Kernel BPF (affected versions not specified)

Description The issue is related to an arbitrary memory read within the Linux Kernel BPF. Constants provided to fill pointers in structs passed to bpf sys bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP BPF can arbitrarily read memory from anywhere on the system.

Recommendations To resolve the issue, upgrade past commit 86f44fcec22c. As a temporary workaround, consider restricting the use of the bpf sys bpf function until a patch is available. Restrict access to the BPF subsystem to minimize the risk of exploitation.