CME-603

Unprivileged BPF Disabled

Description

Prevents unprivileged users from loading BPF programs into the kernel. BPF programs run in kernel context and vulnerabilities in the BPF verifier have been a frequent source of privilege escalation.

CVSS Vector Impacts

Metric                    Transition  Rationale
Privileges Required (PR)  L -> H      Unprivileged user cannot load BPF programs to exploit verifier bugs

CWE Relationships

Verification

Check unprivileged_bpf_disabled sysctl

$ cat /proc/sys/kernel/unprivileged_bpf_disabled
# Expected: 1

Platform: linux
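The manual check above can be scripted so it yields a pass/fail exit status for auditing. The following is an added example, not part of the CME entry; it reads the sysctl file and maps the value to a verdict using the kernel's own semantics: 0 means unprivileged loading is allowed, 1 means it is disabled and cannot be re-enabled until reboot, and 2 (newer kernels) means it is disabled but an administrator can still set it back to 0 at runtime. Only 1 satisfies the expected value stated above; 2 is reported as a weaker pass. The function names and the optional path argument (used so the logic can be exercised against a constructed file) are this example's own.

```shell
#!/bin/sh
# Added example (not part of the CME-603 entry): evaluate
# kernel.unprivileged_bpf_disabled and report whether it meets the control.
#
# Value semantics (from the kernel's sysctl documentation):
#   0 -> unprivileged users may load BPF programs        (FAIL)
#   1 -> disabled; stays disabled until reboot            (PASS)
#   2 -> disabled; may be set back to 0 at runtime        (WEAK)

# Map a raw sysctl value to a one-word verdict: PASS, WEAK, FAIL or UNKNOWN.
bpf_verdict() {
    case "$1" in
        1) echo "PASS" ;;
        2) echo "WEAK" ;;
        0) echo "FAIL" ;;
        *) echo "UNKNOWN" ;;
    esac
}

# Human-readable explanation of a raw value, for the audit log line.
bpf_explain() {
    case "$1" in
        1) echo "unprivileged BPF disabled (locked until reboot)" ;;
        2) echo "unprivileged BPF disabled, but revertable with sysctl -w kernel.unprivileged_bpf_disabled=0" ;;
        0) echo "unprivileged users can load BPF programs" ;;
        *) echo "sysctl missing or unrecognised value: '$1'" ;;
    esac
}

# Read the sysctl from the given procfs path (default: the live kernel).
# Whitespace is stripped; prints "missing" when the file is absent or unreadable
# (e.g. a kernel built without CONFIG_BPF_SYSCALL exposes no such file).
bpf_read_sysctl() {
    path="${1:-/proc/sys/kernel/unprivileged_bpf_disabled}"
    if [ -r "$path" ]; then
        tr -d '[:space:]' < "$path"
    else
        echo "missing"
    fi
}

# Full check: prints one summary line and returns 0 only when the value is the
# expected 1. A hypothetical path may be passed to check a captured file.
bpf_check() {
    val=$(bpf_read_sysctl "$1")
    verdict=$(bpf_verdict "$val")
    echo "kernel.unprivileged_bpf_disabled=$val -> $verdict: $(bpf_explain "$val")"
    [ "$verdict" = "PASS" ]
}

# Run against the live kernel only when invoked with --run, so the file can also
# be sourced by other scripts without side effects.
if [ "${1:-}" = "--run" ]; then
    bpf_check
fi
```

Invoke it as `sh check_bpf.sh --run`; the exit status is 0 only when the sysctl reads 1, so it can be dropped straight into a compliance job. Note that the setting only restricts users without CAP_BPF or CAP_SYS_ADMIN; privileged processes can still load BPF programs regardless of the value.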

References
