Bug: https://github.com/falcosecurity/libs/issues/1063
Subset of patch taken from: https://github.com/falcosecurity/libs/pull/1071

diff --git a/driver/ppm_fillers.c b/driver/ppm_fillers.c
index 0441923c6d..cfa967f134 100644
--- a/driver/ppm_fillers.c
+++ b/driver/ppm_fillers.c
@@ -1329,7 +1329,10 @@ int f_proc_startupdate(struct event_filler_arguments *args)
 
 		if (exe_file != NULL) {
 			if (file_inode(exe_file) != NULL) {
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 12, 0)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 3, 0)
+				exe_writable |= (file_permission(exe_file, MAY_WRITE) == 0);
+				exe_writable |= inode_owner_or_capable(file_mnt_idmap(exe_file), file_inode(exe_file));
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(5, 12, 0)
 				exe_writable |= (inode_permission(current_user_ns(), file_inode(exe_file), MAY_WRITE) == 0);
 				exe_writable |= inode_owner_or_capable(current_user_ns(), file_inode(exe_file));
 #else