Olunye ubungozi luchongiwe kwi-subsystem ye-eBPF (akukho CVE), njengengxaki yayizolo evumela umsebenzisi wasekhaya ongekho mthethweni ukuba enze ikhowudi kwinqanaba le-Linux kernel. Ingxaki ibonakala ukususela kwi-Linux kernel 5.8 kwaye ihlala ingalungiswanga. Ukuxhaphaza okusebenzayo kuthenjiswe ukuba kupapashwe ngoJanuwari 18.
Ubuthathaka obutsha bubangelwa kungqinisiso olungachanekanga lweeprogram ze-eBPF ezithunyelwa ukuba ziphunyezwe. Ngokukodwa, umqinisekisi we-eBPF akazange athintele ngokufanelekileyo ezinye iindidi ze-*_OR_NULL izikhombisi, ezenze ukuba kube lula ukukhohlisa izikhombisi kwiinkqubo ze-eBPF kunye nokuzuza ukongezwa kwamalungelo abo. Ukuthintela ukusetyenziswa komngcipheko, kucetywayo ukuthintela ukuphunyezwa kweenkqubo ze-BPF ngabasebenzisi abangenanto kunye nomyalelo "sysctl -w kernel.unprivileged_bpf_disabled=1".
umthombo: opennet.ru