Authored by Simon Scannell, Valentina Palmiotti, Meador Inge, Juan Jose Lopez Jaimez | Site github.com

A bug in the eBPF Verifier branch pruning logic can lead to unsafe code paths being incorrectly marked as safe. As demonstrated in the exploitation section, this can be leveraged to get arbitrary read/write in kernel memory, leading to local privilege escalation and Container escape.

advisories | CVE-2023-2163