CVE-2023-52992

The following kernel panic can be triggered when a task with pid=1 attaches a prog that attempts to send killing signal to itself, also see [1] for more details:

Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b CPU: 3 PID: 1 Comm: systemd Not tainted 6.1.0-09652-g59fe41b5255f #148 Call Trace: <TASK> __dumpstack lib/dumpstack.c:88 [inline] dump_stacklvl+0x100/0x178 lib/dumpstack.c:106 panic+0x2c4/0x60f kernel/panic.c:275 doexit.cold+0x63/0xe4 kernel/exit.c:789 dogroupexit+0xd4/0x2a0 kernel/exit.c:950 getsignal+0x2460/0x2600 kernel/signal.c:2858 archdosignalorrestart+0x78/0x5d0 arch/x86/kernel/signal.c:306 exittousermodeloop kernel/entry/common.c:168 [inline] exittousermodeprepare+0x15f/0x250 kernel/entry/common.c:203 _syscallexittousermodework kernel/entry/common.c:285 [inline] syscallexittousermode+0x1d/0x50 kernel/entry/common.c:296 dosyscall64+0x44/0xb0 arch/x86/entry/common.c:86 entrySYSCALL64afterhwframe+0x63/0xcd

So skip task with pid=1 in bpfsendsignal_common() to avoid the panic.

[1] https://lore.kernel.org/bpf/20221222043507.33037-1-sunhao.th@gmail.com

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/52xxx/CVE-2023-52992.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

8b401f9ed2441ad9e219953927a842d24ed051fc

Fixed

4923160393b06a34759a11b17930d71e06f396f2

Fixed

a1c0263f1eb4deee132e11e52ee6982435460d81

Fixed

0dfef503133565fa0bcf3268d8eeb5b181191a65

Fixed

1283a01b6e19d05f7ed49584ea653947245cd41e

Fixed

a3d81bc1eaef48e34dd0b9b48eefed9e02a06451

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-52992.json"