This Proof-Of-Concept demonstrates the exploitation of CVE-2023-2163.
A bug in the eBPF Verifier branch pruning logic can lead to unsafe code paths being incorrectly marked as safe. As demonstrated in the exploitation section, this can be leveraged to get arbitrary read/write in kernel memory, leading to LPE and Container escape.
$ make
$ ./exploit
Juan Jose Lopez Jaimez (@thatjiaozi) Meador Inge (@meadori) Simon Scannell (@scannell_simon) Valentina Palmiotti (@chompie1337)