CVE - CVE-2023-52992

CVE-ID
CVE-2023-52992	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In the Linux kernel, the following vulnerability has been resolved: bpf: Skip task with pid=1 in send_signal_common() The following kernel panic can be triggered when a task with pid=1 attaches a prog that attempts to send killing signal to itself, also see [1] for more details: Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b CPU: 3 PID: 1 Comm: systemd Not tainted 6.1.0-09652-g59fe41b5255f #148 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x100/0x178 lib/dump_stack.c:106 panic+0x2c4/0x60f kernel/panic.c:275 do_exit.cold+0x63/0xe4 kernel/exit.c:789 do_group_exit+0xd4/0x2a0 kernel/exit.c:950 get_signal+0x2460/0x2600 kernel/signal.c:2858 arch_do_signal_or_restart+0x78/0x5d0 arch/x86/kernel/signal.c:306 exit_to_user_mode_loop kernel/entry/common.c:168 [inline] exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:203 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline] syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296 do_syscall_64+0x44/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x63/0xcd So skip task with pid=1 in bpf_send_signal_common() to avoid the panic. [1] https://lore.kernel.org/bpf/20221222043507.33037-1-sunhao.th@gmail.com
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://git.kernel.org/stable/c/0dfef503133565fa0bcf3268d8eeb5b181191a65 URL:https://git.kernel.org/stable/c/0dfef503133565fa0bcf3268d8eeb5b181191a65 MISC:https://git.kernel.org/stable/c/1283a01b6e19d05f7ed49584ea653947245cd41e URL:https://git.kernel.org/stable/c/1283a01b6e19d05f7ed49584ea653947245cd41e MISC:https://git.kernel.org/stable/c/4923160393b06a34759a11b17930d71e06f396f2 URL:https://git.kernel.org/stable/c/4923160393b06a34759a11b17930d71e06f396f2 MISC:https://git.kernel.org/stable/c/a1c0263f1eb4deee132e11e52ee6982435460d81 URL:https://git.kernel.org/stable/c/a1c0263f1eb4deee132e11e52ee6982435460d81 MISC:https://git.kernel.org/stable/c/a3d81bc1eaef48e34dd0b9b48eefed9e02a06451 URL:https://git.kernel.org/stable/c/a3d81bc1eaef48e34dd0b9b48eefed9e02a06451
Assigning CNA
kernel.org
Date Record Created
20250327	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20250327)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)