Blacklisting a kernel module only prevents modprobe from loading it automatically. modprobe by name still works, even if the module is blacklisted, and so does insmod and the syscalls they use.
The author is way above their head and thinks that because they can write Copilot prompts they can write security critical software.
The k8s remediation is setting allowPrivilegeEscalation to false, which you should have already been doing if you follow the in-tree Pod Security Standards at the Restricted profile.
4 comments
[ 1.7 ms ] story [ 21.8 ms ] threadIn any case, this unloads the module which does nothing if it's compiled into the kernel as in GKE.
The author is way above their head and thinks that because they can write Copilot prompts they can write security critical software.