A vulnerability in the eBPF subsystem that allows privilege escalation

A vulnerability has been identified in the eBPF subsystem (no CVE) which, like yesterday's issue, allows a local user to execute code at the Linux kernel level. The problem has been present since Linux kernel 5.8 and remains unfixed. Publication of a working exploit has been promised for January 18.

The new vulnerability is caused by incorrect verification of eBPF programs submitted for execution. Specifically, the eBPF verifier did not properly restrict some types of *_OR_NULL pointers, which made it possible to manipulate pointers from eBPF programs and achieve privilege escalation. To block exploitation of the vulnerability, it is recommended to prohibit the execution of BPF programs by unprivileged users with the command "sysctl -w kernel.unprivileged_bpf_disabled=1".
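A read-only host check built around the mitigation above, added here as an example (not code from the article or from the kernel project). It assumes the affected range is "5.8 and later" exactly as the article states, uses the sysctl value meanings from the kernel documentation, and the function name and the file name in the closing comment are hypothetical.

```shell
#!/bin/sh
# Added example: classify a host against the issue described in the article.
# Assumptions: affected range is kernel 5.8 and later (no fixed version is
# given in the article). Sysctl values per kernel documentation:
#   0 = unprivileged bpf() allowed
#   1 = disabled, cannot be re-enabled until reboot
#   2 = disabled, but root may change it again

# bpf_exposure KERNEL_RELEASE SYSCTL_VALUE   (hypothetical helper name)
# Prints one of: not-affected | mitigated | exposed | unknown
bpf_exposure() {
    release=$1
    value=$2
    case "$release" in
        *.*) ;;
        *)   echo unknown; return 0 ;;
    esac
    # Take major and minor from strings such as "5.15.0-91-generic".
    major=${release%%.*}
    rest=${release#*.}
    minor=${rest%%[!0-9]*}
    case "$major.$minor" in
        .*|*.|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo not-affected
        return 0
    fi
    case "$value" in
        1|2) echo mitigated ;;
        0)   echo exposed ;;
        *)   echo unknown ;;    # sysctl missing or unreadable
    esac
}

# Read-only check of the running host; nothing is changed.
current=$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null || echo missing)
kernel=$(uname -r)
echo "kernel $kernel, unprivileged_bpf_disabled=$current: $(bpf_exposure "$kernel" "$current")"

# To apply the article's mitigation and keep it across reboots (as root):
#   sysctl -w kernel.unprivileged_bpf_disabled=1
#   echo 'kernel.unprivileged_bpf_disabled = 1' > /etc/sysctl.d/90-bpf.conf
# (the file name 90-bpf.conf is an assumption; any name under /etc/sysctl.d works)
```

A result of "unknown" with a missing sysctl usually means the kernel was built without the bpf() system call, which should be confirmed from the kernel configuration rather than assumed.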

source: budenet.ru
