Linux is vulnerable to local privilege escalation. The vulnerability exists if the kernel is compiled with the config parameters CONFIG_BPF_SYSCALL=y, CONFIG_BPF=y, CONFIG_CGROUPS=y and CONFIG_CGROUP_BPF=y, with CONFIG_HARDENED_USERCOPY not set, and a BPF hook for getsockopt is registered. During execution of the BPF program, a local user can trigger a bug in the __cgroup_bpf_run_filter_getsockopt() function that can lead to a heap overflow.
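The following script is an added example, not part of the advisory, that checks a kernel `.config` for the build-time preconditions listed above (the four BPF/cgroup options built in and CONFIG_HARDENED_USERCOPY unset). The config paths `/boot/config-$(uname -r)` and `/proc/config.gz` are assumed defaults; the runtime condition (a cgroup BPF program attached to the getsockopt hook) is not inspected.

```shell
#!/bin/sh
# Added example (not from the advisory): check a kernel .config for the
# build-time preconditions named above. A match is necessary, not
# sufficient: a cgroup BPF program must also be attached to the getsockopt
# hook at runtime, which this script does not inspect.

# Echo 1 if OPTION is built in ("=y") in CONFIG_FILE, else 0.
opt_set() {
    if grep -q "^$1=y\$" "$2"; then echo 1; else echo 0; fi
}

# Succeed (exit 0) when CONFIG_FILE matches every precondition in the advisory.
config_matches_advisory() {
    cfg="$1"
    for opt in CONFIG_BPF_SYSCALL CONFIG_BPF CONFIG_CGROUPS CONFIG_CGROUP_BPF; do
        [ "$(opt_set "$opt" "$cfg")" = 1 ] || return 1
    done
    # CONFIG_HARDENED_USERCOPY must be absent or "# ... is not set".
    [ "$(opt_set CONFIG_HARDENED_USERCOPY "$cfg")" = 0 ] || return 1
}

# Emit the running kernel's config (assumed paths; empty if neither exists).
live_config() {
    if [ -r "/boot/config-$(uname -r)" ]; then
        cat "/boot/config-$(uname -r)"
    elif [ -r /proc/config.gz ]; then
        zcat /proc/config.gz
    fi
}

# Constructed sample config illustrating a matching build.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
CONFIG_CGROUPS=y
CONFIG_CGROUP_BPF=y
# CONFIG_HARDENED_USERCOPY is not set
EOF
if config_matches_advisory "$sample"; then
    echo "sample config: matches advisory build-time preconditions"
fi
rm -f "$sample"

# Check the running kernel, if its config is available.
live=$(mktemp); live_config > "$live"
if [ -s "$live" ] && config_matches_advisory "$live"; then
    echo "running kernel: build-time preconditions present; check getsockopt BPF attachments"
fi
rm -f "$live"
```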