CVE-2023-52992
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Skip task with pid=1 in send_signal_common()
The following kernel panic can be triggered when a task with pid=1 attaches a prog that attempts to send killing signal to itself, also see [1] for more details:
Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b CPU: 3 PID: 1 Comm: systemd Not tainted 6.1.0-09652-g59fe41b5255f #148 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x100/0x178 lib/dump_stack.c:106 panic+0x2c4/0x60f kernel/panic.c:275 do_exit.cold+0x63/0xe4 kernel/exit.c:789 do_group_exit+0xd4/0x2a0 kernel/exit.c:950 get_signal+0x2460/0x2600 kernel/signal.c:2858 arch_do_signal_or_restart+0x78/0x5d0 arch/x86/kernel/signal.c:306 exit_to_user_mode_loop kernel/entry/common.c:168 [inline] exit_to_user_mode_prepare+0x15f/0x250 kernel/entry/common.c:203 __syscall_exit_to_user_mode_work kernel/entry/common.c:285 [inline] syscall_exit_to_user_mode+0x1d/0x50 kernel/entry/common.c:296 do_syscall_64+0x44/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x63/0xcd
So skip task with pid=1 in bpf_send_signal_common() to avoid the panic.
[1] https://lore.kernel.org/bpf/20221222043507.33037-1-sunhao.th@gmail.com
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 8b401f9ed2441ad9e219953927a842d24ed051fc < 4923160393b06a34759a11b17930d71e06f396f2 | affected |
| Linux | Linux | 8b401f9ed2441ad9e219953927a842d24ed051fc < a1c0263f1eb4deee132e11e52ee6982435460d81 | affected |
| Linux | Linux | 8b401f9ed2441ad9e219953927a842d24ed051fc < 0dfef503133565fa0bcf3268d8eeb5b181191a65 | affected |
| Linux | Linux | 8b401f9ed2441ad9e219953927a842d24ed051fc < 1283a01b6e19d05f7ed49584ea653947245cd41e | affected |
| Linux | Linux | 8b401f9ed2441ad9e219953927a842d24ed051fc < a3d81bc1eaef48e34dd0b9b48eefed9e02a06451 | affected |
| Linux | Linux | 5.3 | affected |
| Linux | Linux | 0 < 5.3 | unaffected |
| Linux | Linux | 5.4.231 <= 5.4.* | unaffected |
| Linux | Linux | 5.10.167 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.92 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.10 <= 6.1.* | unaffected |
| Linux | Linux | 6.2 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/4923160393b06a34759a11b17930d71e06f396f2
- https://git.kernel.org/stable/c/a1c0263f1eb4deee132e11e52ee6982435460d81
- https://git.kernel.org/stable/c/0dfef503133565fa0bcf3268d8eeb5b181191a65
- https://git.kernel.org/stable/c/1283a01b6e19d05f7ed49584ea653947245cd41e
- https://git.kernel.org/stable/c/a3d81bc1eaef48e34dd0b9b48eefed9e02a06451
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.