ALAS2023-2023-422 --- kernel | ID: oval:org.secpod.oval:def:19500481 | Date: (C)2024-01-04 (M)2024-04-25 |
Class: PATCH | Family: unix |
A flaw in the kernel Xen event handler can cause a deadlock with Xen console handling in unprivileged Xen guests. An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.
Platform: |
Amazon Linux 2023 |
Product: |
kernel |
bpftool |
python3-perf |
perf |