CVE-2019-8339, a Falco capacity-related vulnerability.
Blog post from Sysdig
CVE-2019-8339 is a medium-severity vulnerability discovered in Falco, the open-source threat detection tool. An attacker who has already gained access to a system can flood it with system calls and potentially bypass Falco's detection. The issue lies in the buffer shared between the kernel and user space for passing system call events: under a flood it can be overwhelmed, and events are dropped, including events that might carry the malicious activity.

Falco version 0.15.0 addresses the vulnerability by adding detection of dropped system call events and configurable actions to take when drops are detected, such as sending an alert or logging a message. The release also includes performance improvements that reduce drops: events are read from the system call buffer using an adaptive algorithm, and container metadata is fetched asynchronously. Future plans include a Prometheus endpoint for enhanced monitoring and a security audit to further strengthen Falco's defenses.
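As an added illustration, not Falco's own code, the following Python models the drop detection the fix introduced: the kernel-side driver keeps cumulative counters of events produced and events dropped, user space samples them periodically, and whenever the drop counter advances it runs the configured actions. The `Sample` type, the per-second counter values, the `ignore` action and the token-bucket limit on how often actions fire are assumptions made for this example.

```python
from dataclasses import dataclass

ACTIONS = {"ignore", "log", "alert"}  # page names alerting and logging; "ignore" assumed


@dataclass(frozen=True)
class Sample:
    ts: float     # seconds since start
    n_evts: int   # cumulative syscall events the kernel driver produced (constructed)
    n_drops: int  # cumulative events dropped because the shared buffer was full


def detect_drops(samples, actions=("log", "alert"), rate=1 / 30, max_burst=10):
    """Compare successive counter samples; when the drop counter advances,
    run each configured action once. Returns [(ts, new_drops, action), ...].

    Assumption: a token bucket (rate tokens/sec, max_burst capacity) caps how
    often actions fire, so an attacker who can cause drops cannot also flood
    the alert channel."""
    bad = set(actions) - ACTIONS
    if bad:
        raise ValueError(f"unknown drop actions: {sorted(bad)}")
    fired, tokens, prev = [], float(max_burst), None
    for cur in samples:
        if prev is not None:
            tokens = min(max_burst, tokens + (cur.ts - prev.ts) * rate)
            new_drops = cur.n_drops - prev.n_drops
            if new_drops < 0:
                raise ValueError("drop counter went backwards; driver restarted?")
            if new_drops > 0 and tokens >= 1.0:
                tokens -= 1.0
                fired.extend((cur.ts, new_drops, a) for a in actions if a != "ignore")
        prev = cur
    return fired


# Constructed per-second counter samples: normal load, then a syscall flood
# that overruns the kernel/user-space buffer, then the flood stops.
SAMPLES = [
    Sample(0, 0, 0),
    Sample(1, 20_000, 0),
    Sample(2, 40_000, 0),
    Sample(3, 900_000, 3_500),
    Sample(4, 1_800_000, 41_000),
    Sample(5, 1_850_000, 41_000),
]

if __name__ == "__main__":
    for ts, drops, action in detect_drops(SAMPLES):
        print(f"t={ts}s: {drops} syscall events dropped -> {action}")
```

With the defaults, both flood seconds produce a log and an alert; with `actions=("ignore",)` nothing fires, and a small `max_burst` with `rate=0` shows the limiter suppressing all but the first incident.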