/proc/sys/net/core/bpf_jit_enable Which will persist until reversed or a system reboot. A more permanent removal can be achieved by using your distribution’s syscfg equivalent utility to set “net.core.bpf_jit_enable=0” at boot time. Of course, this type of solution solves the problem by disabling the functionality, which in itself is self-defeating. If you actually had your system configured to use BPF JIT, in all likelihood your use case needed that setting explicitly enabled, and you should rely instead on proper kernel patching, either through your distribution vendor’s patches or through KernelCare’s rebootless process.” width=”2600″ loading=”lazy” style=”width: 2600px;”>
Another vulnerability targeting the BPF subsystem has been disclosed publicly in the past few days (CVE-2021-29154). It allows users on a system running non-default configuration of the BPF subsystem to run specially crafted code as a BPF filter and run arbitrary executable code in the kernel context.
According to vendors, it affects all distributions running kernels up to version 5.11.12. Distribution vendors are starting to deliver patches through their update mechanisms, and KernelCare is also finalizing patches for it’s rebootless patching process to address this issue.