Linux Kernel Seccomp Uretprobe System Call Passthrough Vulnerability

Vulnerability

A vulnerability in the Linux kernel's handling of the uretprobe system call has been addressed. The issue arose when uretprobes were attached to processes running inside Docker: those processes hit a segmentation fault as soon as execution reached the return probe. The cause was Docker's default seccomp filter, which permits only a specific set of known system calls and therefore blocked uretprobe. Because uretprobe is a 'kernel implementation detail' system call that userspace applications never call directly, it is impractical to require every such application to allow it explicitly just to avoid crashing. The fix allows the uretprobe system call to pass through seccomp without relying on user configuration.
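As an added illustration, not part of this advisory and not Docker's or the kernel's own code, the following Python evaluates a cut-down Docker-style seccomp profile the way the allowlist logic described above behaves: any syscall absent from the allow rules falls to defaultAction, so a kernel-internal syscall such as uretprobe is blocked unless the profile is edited or the running kernel passes it through. The sample profile, the first-match rule semantics and the helper names (load_profile, effective_action, blocked_kernel_detail_syscalls, allow_syscall) are constructed assumptions for this example.

```python
import json

# Constructed, cut-down Docker-style seccomp profile (not Docker's real default):
# an allowlist of a few syscalls, everything else falling to defaultAction.
SAMPLE_PROFILE = json.dumps({
    "defaultAction": "SCMP_ACT_ERRNO",
    "architectures": ["SCMP_ARCH_X86_64"],
    "syscalls": [
        {"names": ["read", "write", "mmap", "exit_group", "rt_sigreturn"],
         "action": "SCMP_ACT_ALLOW"},
        {"names": ["ptrace"], "action": "SCMP_ACT_ERRNO"},
    ],
})

# Syscalls the kernel issues on the process's behalf (from the uretprobe
# trampoline); user code never calls them, so hand-written allowlists omit them.
KERNEL_DETAIL_SYSCALLS = ("uretprobe",)


def load_profile(text):
    """Parse a seccomp profile JSON document into a dict."""
    return json.loads(text)


def effective_action(profile, syscall):
    """Action the profile applies to `syscall`.

    Simplified first-match semantics (an assumption of this example): rules are
    scanned in order and a syscall not named by any rule gets defaultAction.
    Docker's real profiles also carry arch/capability conditions, ignored here.
    """
    for rule in profile.get("syscalls", []):
        if syscall in rule.get("names", []):
            return rule["action"]
    return profile["defaultAction"]


def blocked_kernel_detail_syscalls(profile):
    """Kernel-internal syscalls this profile would stop, i.e. the cases where a
    uretprobe attached to a container process would hit the crash described
    above unless the running kernel passes uretprobe through seccomp."""
    return sorted(name for name in KERNEL_DETAIL_SYSCALLS
                  if effective_action(profile, name) != "SCMP_ACT_ALLOW")


def allow_syscall(profile, syscall):
    """Return a copy of the profile with an explicit allow rule for `syscall`
    placed first: the per-profile workaround for kernels without passthrough."""
    fixed = json.loads(json.dumps(profile))  # deep copy via round-trip
    fixed.setdefault("syscalls", []).insert(
        0, {"names": [syscall], "action": "SCMP_ACT_ALLOW"})
    return fixed


if __name__ == "__main__":
    profile = load_profile(SAMPLE_PROFILE)
    print("blocked kernel-detail syscalls:", blocked_kernel_detail_syscalls(profile))
    fixed = allow_syscall(profile, "uretprobe")
    print("after adding an allow rule:", blocked_kernel_detail_syscalls(fixed))
```

Running the audit against a real profile file (for example the JSON passed via `--security-opt seccomp=...`) tells you whether a container relies on the kernel-side passthrough described above or on an explicit uretprobe allow rule; on a patched kernel the profile no longer needs the rule, but the check remains a cheap way to spot profiles that would crash probed processes on older kernels.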

Impact

The vulnerability could lead to a segmentation fault in processes running inside Docker when uretprobes are attached, causing those processes to crash.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          9.0
impact          2.5
exploitability  4.0
remediation     0.0
relevance       0.0
threat          3.2
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.