CVE-2023-52828

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue is related to the BPF (Berkeley Packet Filter) program in the Linux kernel. When the bpf throw kfunc is called, it triggers dead code elimination in an unprecedented way, causing any instruction following the bpf throw call to never be marked as seen. This can lead to unreliable stack unwinding of BPF programs, resulting in a panic. The problem occurs when the final instruction emitted is a call to bpf throw or a subprogram that always throws, causing the return address to lie outside the program's boundaries.

To resolve this issue, bpf prog ksym find should treat IP == ksym.end as part of the BPF program, allowing is bpf text address to return true and enabling reliable unwinding when the final instruction is a call instruction.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.