In the Linux kernel, the following vulnerability has been resolved:
bpf: Skip task with pid=1 in sendsignalcommon()
The following kernel panic can be triggered when a task with pid=1 attaches a prog that attempts to send killing signal to itself, also see [1] for more details:
Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b CPU: 3 PID: 1 Comm: systemd Not tainted 6.1.0-09652-g59fe41b5255f #148 Call Trace: <TASK> _dumpstack lib/dumpstack.c:88 [inline] dumpstacklvl+0x100/0x178 lib/dumpstack.c:106 panic+0x2c4/0x60f kernel/panic.c:275 doexit.cold+0x63/0xe4 kernel/exit.c:789 dogroupexit+0xd4/0x2a0 kernel/exit.c:950 getsignal+0x2460/0x2600 kernel/signal.c:2858 archdosignalorrestart+0x78/0x5d0 arch/x86/kernel/signal.c:306 exittousermodeloop kernel/entry/common.c:168 [inline] exittousermodeprepare+0x15f/0x250 kernel/entry/common.c:203 _syscallexittousermodework kernel/entry/common.c:285 [inline] syscallexittousermode+0x1d/0x50 kernel/entry/common.c:296 dosyscall64+0x44/0xb0 arch/x86/entry/common.c:86 entrySYSCALL64afterhwframe+0x63/0xcd
So skip task with pid=1 in bpfsendsignal_common() to avoid the panic.
[1] https://lore.kernel.org/bpf/20221222043507.33037-1-sunhao.th@gmail.com
{ "vanir_signatures": [ { "signature_version": "v1", "target": { "file": "kernel/trace/bpf_trace.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a3d81bc1eaef48e34dd0b9b48eefed9e02a06451", "deprecated": false, "digest": { "line_hashes": [ "172658823922880847408298047740854488890", "244502456610798391723082739287073260664", "97336750163640978174706192793794142481", "211342748209825727111814550736052370722" ], "threshold": 0.9 }, "id": "CVE-2023-52992-0471be9f" }, { "signature_version": "v1", "target": { "function": "bpf_send_signal_common", "file": "kernel/trace/bpf_trace.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a3d81bc1eaef48e34dd0b9b48eefed9e02a06451", "deprecated": false, "digest": { "length": 566.0, "function_hash": "264598430686756199940044604978502774756" }, "id": "CVE-2023-52992-1776dd75" }, { "signature_version": "v1", "target": { "file": "kernel/trace/bpf_trace.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1283a01b6e19d05f7ed49584ea653947245cd41e", "deprecated": false, "digest": { "line_hashes": [ "172658823922880847408298047740854488890", "244502456610798391723082739287073260664", "97336750163640978174706192793794142481", "211342748209825727111814550736052370722" ], "threshold": 0.9 }, "id": "CVE-2023-52992-3a3ae9a0" }, { "signature_version": "v1", "target": { "file": "kernel/trace/bpf_trace.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4923160393b06a34759a11b17930d71e06f396f2", "deprecated": false, "digest": { "line_hashes": [ "19957072933651909226939142961961907423", "244502456610798391723082739287073260664", "97336750163640978174706192793794142481", "211342748209825727111814550736052370722" ], "threshold": 0.9 }, "id": "CVE-2023-52992-402343b5" }, { "signature_version": "v1", "target": { "function": "bpf_send_signal_common", "file": "kernel/trace/bpf_trace.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@1283a01b6e19d05f7ed49584ea653947245cd41e", "deprecated": false, "digest": { "length": 566.0, "function_hash": "264598430686756199940044604978502774756" }, "id": "CVE-2023-52992-6f7d49b5" }, { "signature_version": "v1", "target": { "function": "bpf_send_signal_common", "file": "kernel/trace/bpf_trace.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a1c0263f1eb4deee132e11e52ee6982435460d81", "deprecated": false, "digest": { "length": 640.0, "function_hash": "230695675906346786244895748893029190899" }, "id": "CVE-2023-52992-725b8e08" }, { "signature_version": "v1", "target": { "file": "kernel/trace/bpf_trace.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0dfef503133565fa0bcf3268d8eeb5b181191a65", "deprecated": false, "digest": { "line_hashes": [ "19957072933651909226939142961961907423", "244502456610798391723082739287073260664", "97336750163640978174706192793794142481", "211342748209825727111814550736052370722" ], "threshold": 0.9 }, "id": "CVE-2023-52992-8051da1b" }, { "signature_version": "v1", "target": { "file": "kernel/trace/bpf_trace.c" }, "signature_type": "Line", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@a1c0263f1eb4deee132e11e52ee6982435460d81", "deprecated": false, "digest": { "line_hashes": [ "19957072933651909226939142961961907423", "244502456610798391723082739287073260664", "97336750163640978174706192793794142481", "211342748209825727111814550736052370722" ], "threshold": 0.9 }, "id": "CVE-2023-52992-ca1d7a18" }, { "signature_version": "v1", "target": { "function": "bpf_send_signal_common", "file": "kernel/trace/bpf_trace.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@0dfef503133565fa0bcf3268d8eeb5b181191a65", "deprecated": false, "digest": { "length": 616.0, "function_hash": "256878762568647561824667011685530212966" }, "id": "CVE-2023-52992-d1339920" }, { "signature_version": "v1", "target": { "function": "BPF_CALL_1", "file": "kernel/trace/bpf_trace.c" }, "signature_type": "Function", "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4923160393b06a34759a11b17930d71e06f396f2", "deprecated": false, "digest": { "length": 592.0, "function_hash": "59372693524606755968684717876032740625" }, "id": "CVE-2023-52992-d2f547bc" } ] }