Summary
Incorrect verifier pruning in BPF in some versions of the Linux kernel may lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.
Products Potentially Affected
OS/Product | Exposure
Switch Engine (EXOS) | Yes
Repair Recommendations
Switch Engine (EXOS):
- Fixed in 31.7.4.2-patch1-6 or later.
- Fixed in 33.5.1 or later.
Please see the full security advisory article here for more details and future updates.