linux-latest (105+deb10u14) buster-security; urgency=high * From Linux 4.19.232-1, the Extended Berkeley Packet Fillter (eBPF) facility is no longer enabled by default for users without the CAP_SYS_ADMIN capability (this normally means only the root user). eBPF can be used for speculative execution side-channel attacks, and earlier attempts to mitigate this have not completely succeeded. This can be overridden by setting the sysctl: kernel.unprivileged_bpf_disabled=0 -- Ben Hutchings <benh@debian.org> Mon, 07 Mar 2022 22:37:11 +0100