Kumwe kusadzikama kwaonekwa muBPF subsystem (hapana CVE), senge dambudziko rezuro rinobvumira mushandisi wemuno asina rusarura kuti aite kodhi paLinux kernel level. Dambudziko rave kuoneka kubvira Linux kernel 5.8 uye rinoramba risina kugadziriswa. Basa rekushanda rakavimbiswa kuburitswa muna Ndira 18.
Kusagadzikana kutsva kunokonzereswa nekusimbisa zvisirizvo zveeBPF zvirongwa zvinofambiswa kuti zviitwe. Kunyanya, iyo eBPF verifier haina kudzora zvakanaka mamwe marudzi e *_OR_NULL anonongedzera, izvo zvakaita kuti zvikwanise kushandura anongedza kubva kumapurogiramu eBPF uye kuwana kuwedzera kweropafadzo dzavo. Kuvhara kushandiswa kwekusagadzikana, zvinokurudzirwa kurambidza kuitwa kwezvirongwa zveBPF nevashandisi vasina rusarura nemurairo "sysctl -w kernel.unprivileged_bpf_disabled=1".
Source: opennet.ru