An issue was discovered in Sysdig through 0.24.2, as used in Falco through 0.14.0 and other products. A bypass allows local users to run malicious code without being detected because record_event_consumer in driver/main.c in sysdig-probe.ko (and falco-probe.ko) mishandles a free space calculation.

No comments yet.

Leave a Reply

Please leave these two fields as-is:

Protected by Invisible Defender. Showed 403 to 1,358,779 bad guys.