Obunye ubungozi buhlonziwe ohlelweni olungaphansi lwe-eBPF (ayikho i-CVE), njengenkinga yayizolo evumela umsebenzisi wasendaweni ongenalo ilungelo ukuthi akhiphe ikhodi ezingeni le-Linux kernel. Inkinga ibilokhu ivela kusukela ku-Linux kernel 5.8 futhi ihlala ingalungisiwe. Ukuxhashazwa okusebenzayo kuthenjiswe ukuthi kuzoshicilelwa ngoJanuwari 18.
Ukuba sengozini okusha kubangelwa ukuqinisekiswa okungalungile kwezinhlelo ze-eBPF ezidluliselwe ukwenziwa. Ikakhulukazi, isiqinisekisi se-eBPF asizange sikhawulele ngokufanelekile ezinye *_OR_NULL izinhlobo zezikhombisi, okwenze kwaba nokwenzeka ukukhohlisa izikhombi ezinhlelweni ze-eBPF futhi kuzuzwe ukukhushulwa kwamalungelo azo. Ukuze uvimbele ukuxhashazwa kokuba sengozini, kuhlongozwa ukuvimbela ukwenziwa kwezinhlelo ze-BPF ngabasebenzisi abangenamalungelo ngomyalo othi βsysctl -w kernel.unprivileged_bpf_disabled=1β.
Source: opennet.ru