There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIGBPFSYSCALL=y , CONFIGBPF=y , CONFIGCGROUPS=y , CONFIGCGROUPBPF=y , CONFIGHARDENEDUSERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in _cgroupbpfrunfilter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation.