THREATINT
PUBLISHED

CVE-2023-52992

bpf: Skip task with pid=1 in send_signal_common()



Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Skip task with pid=1 in send_signal_common()

The following kernel panic can be triggered when a task with pid=1 attaches a prog that attempts to send killing signal to itself, also see [1] for more details:

    Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b
    CPU: 3 PID: 1 Comm: systemd Not tainted 6.1.0-09652-g59fe41b5255f #148
    Call Trace:
    <TASK>
    __dump_stack lib/dump_stack.c:88 [inline]
    dump_stack_lvl+0x100/0x178 lib/dump_stack.c:106
    panic+0x2c4/0x60f kernel/panic.c:275
    do_exit.cold+0x63/0xe4 kernel/exit.c:789
    do_group_exit+0xd4/0x2a0 kernel/exit.c:950
    get_signal+0x2460/0x2600 kernel/signal.c:2858
    arch_do_signal_or_restart+0x78/0x5d0 arch/x86/kernel/signal.c:306
    exit_to_user_mode_loop kernel/entry/common.c:168 [inline]
    exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:203
    __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline]
    syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296
    do_syscall_64+0x44/0xb0 arch/x86/entry/common.c:86
    entry_SYSCALL_64_after_hwframe+0x63/0xcd

So skip task with pid=1 in bpf_send_signal_common() to avoid the panic.

[1] https://lore.kernel.org/bpf/20221222043507.33037-1-sunhao.th@gmail.com

Reserved 2025-03-27 | Published 2025-03-27 | Updated 2025-05-04 | Assigner Linux

Product status

Default status: unaffected

1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 4923160393b06a34759a11b17930d71e06f396f2: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before a1c0263f1eb4deee132e11e52ee6982435460d81: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 0dfef503133565fa0bcf3268d8eeb5b181191a65: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before 1283a01b6e19d05f7ed49584ea653947245cd41e: affected
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 before a3d81bc1eaef48e34dd0b9b48eefed9e02a06451: affected

Default status: affected

5.4.231: unaffected
5.10.167: unaffected
5.15.92: unaffected
6.1.10: unaffected
6.2: unaffected

References

git.kernel.org/...c/4923160393b06a34759a11b17930d71e06f396f2

git.kernel.org/...c/a1c0263f1eb4deee132e11e52ee6982435460d81

git.kernel.org/...c/0dfef503133565fa0bcf3268d8eeb5b181191a65

git.kernel.org/...c/1283a01b6e19d05f7ed49584ea653947245cd41e

git.kernel.org/...c/a3d81bc1eaef48e34dd0b9b48eefed9e02a06451

cve.org (CVE-2023-52992)

nvd.nist.gov (CVE-2023-52992)
