Loading and accessing the packet filters programs and maps using the bpf() system call has the potential of revealing sensitive information about the kernel state.
Check
Verify Amazon Linux 2023 prevents privilege escalation through the kernel by disabling access to the bpf system call with the following commands:
If the returned line does not have a value of "1", or a line is not returned, this is a finding.
Fix
Configure Amazon Linux 2023 to prevent privilege escalation through the kernel by disabling access to the bpf syscall by adding the following line to a file, in the "/etc/sysctl.d" directory:
kernel.unprivileged_bpf_disabled = 1
The system configuration files must be reloaded for the changes to take effect. To reload the contents of the files, run the following command: