kernel is vulnerable to information disclosure, A local user with CAP_NET_ADMIN can attach an ebpf filter to setsockopt()
syscall. This filter can be triggered under the right conditions to leak kernel internal information and allows an attacker to determine the layout of information in kernel memory to be used in future attacks.