Chiwopsezo china chadziwika mu kagawo kakang'ono ka eBPF (palibe CVE), monga vuto ladzulo lomwe limalola wogwiritsa ntchito wamba kuti apereke code pa Linux kernel level. Vutoli lakhala likuwonekera kuyambira Linux kernel 5.8 ndipo silinakonzedwe. Ntchito yogwirira ntchito idalonjezedwa kuti idzasindikizidwa pa Januware 18.
Chiwopsezo chatsopanochi chimayamba chifukwa cha kutsimikizira kolakwika kwa mapulogalamu a eBPF omwe amaperekedwa kuti aphedwe. Makamaka, zotsimikizira za eBPF sizinalepheretse bwino mitundu ina ya zolozera za *_OR_NULL, zomwe zidapangitsa kuti zitheke kuwongolera zolozera kuchokera ku mapulogalamu a eBPF ndikukwaniritsa mwayi wawo wowonjezera. Kuletsa kugwiritsa ntchito pachiwopsezo, akufunsidwa kuti aletse kuchitidwa kwa mapulogalamu a BPF ndi ogwiritsa ntchito opanda mwayi ndi lamulo "sysctl -w kernel.unprivileged_bpf_disabled=1".
Source: opennet.ru