Acknowledged

LIN1023-23586 : Security Advisory - linux - CVE-2026-43010

Created: May 12, 2026    Updated: May 20, 2026
Resolved Date: May 19, 2026
Found In Version: 10.23.30.2
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Reject sleepable kprobe_multi programs at attach time

kprobe.multi programs run in atomic/RCU context and cannot sleep. However, bpf_kprobe_multi_link_attach() did not validate whether the program being attached had the sleepable flag set, allowing sleepable helpers such as bpf_copy_from_user() to be invoked from a non-sleepable context.

This causes a "sleeping function called from invalid context" splat:

  BUG: sleeping function called from invalid context at ./include/linux/uaccess.h:169
  in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1787, name: sudo
  preempt_count: 1, expected: 0
  RCU nest depth: 2, expected: 0

Fix this by rejecting sleepable programs early in bpf_kprobe_multi_link_attach(), before any further processing.

========Wind River Notice========
*Mitigation:*
Customers can use the kernel.unprivileged_bpf_disabled sysctl to prevent unprivileged users from using eBPF. Abusing this flaw would then require a privileged user with CAP_SYS_ADMIN or root, which reduces its attack space.

Inspect the kernel.unprivileged_bpf_disabled sysctl with the command:

cat /proc/sys/kernel/unprivileged_bpf_disabled

A setting of 1 means that unprivileged users cannot use eBPF, mitigating the flaw. To apply it:

echo 1 > /proc/sys/kernel/unprivileged_bpf_disabled


For more details, refer to the official Linux kernel documentation:
https://docs.kernel.org/admin-guide/sysctl/kernel.html#unprivileged-bpf-disabled
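
An audit script for the mitigation above, added here as an example and not part of the Wind River advisory. It classifies the runtime sysctl value and checks whether the setting is persisted in sysctl configuration, since a write to /proc does not survive a reboot. The function names are illustrative, and the value meanings in the comments follow the kernel documentation linked above.

```shell
#!/bin/sh
# Added example: audit the unprivileged-eBPF mitigation from this advisory.
# Function names are illustrative, not from Wind River or the kernel.

# Classify the runtime value (semantics per the kernel sysctl documentation):
#   0 = unprivileged bpf() allowed
#   1 = disabled, cannot be switched back without a reboot
#   2 = disabled, but a privileged user may still change it
bpf_unpriv_status() {
    f="${1:-/proc/sys/kernel/unprivileged_bpf_disabled}"
    if [ ! -r "$f" ]; then
        echo "unknown"            # sysctl absent or unreadable
        return 2
    fi
    v=$(tr -d '[:space:]' < "$f")
    case "$v" in
        0) echo "exposed";          return 1 ;;
        1) echo "mitigated-locked"; return 0 ;;
        2) echo "mitigated";        return 0 ;;
        *) echo "unknown";          return 2 ;;
    esac
}

# A write to /proc is lost at reboot. Return 0 if any given sysctl file, or
# *.conf file in a given directory, sets the key to 1 or 2. Simplification:
# later files overriding earlier ones are not modelled.
bpf_unpriv_persisted() {
    [ "$#" -gt 0 ] || set -- /etc/sysctl.conf /etc/sysctl.d /run/sysctl.d /usr/lib/sysctl.d
    re='^[[:space:]]*kernel[./]unprivileged_bpf_disabled[[:space:]]*=[[:space:]]*[12][[:space:]]*$'
    for p in "$@"; do
        for f in "$p" "$p"/*.conf; do
            [ -f "$f" ] && grep -Eq "$re" "$f" && return 0
        done
    done
    return 1
}

echo "runtime: $(bpf_unpriv_status)"
if bpf_unpriv_persisted; then
    echo "persisted: yes"
else
    echo "persisted: no (add kernel.unprivileged_bpf_disabled = 1 under /etc/sysctl.d)"
fi
```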
