CVE-2023-52928
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/03/2025
Last modified:
29/10/2025
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
bpf: Skip invalid kfunc call in backtrack_insn<br />
<br />
The verifier skips invalid kfunc call in check_kfunc_call(), which<br />
would be captured in fixup_kfunc_call() if such insn is not eliminated<br />
by dead code elimination. However, this can lead to the following<br />
warning in backtrack_insn(), also see [1]:<br />
<br />
------------[ cut here ]------------<br />
verifier backtracking bug<br />
WARNING: CPU: 6 PID: 8646 at kernel/bpf/verifier.c:2756 backtrack_insn<br />
kernel/bpf/verifier.c:2756<br />
__mark_chain_precision kernel/bpf/verifier.c:3065<br />
mark_chain_precision kernel/bpf/verifier.c:3165<br />
adjust_reg_min_max_vals kernel/bpf/verifier.c:10715<br />
check_alu_op kernel/bpf/verifier.c:10928<br />
do_check kernel/bpf/verifier.c:13821 [inline]<br />
do_check_common kernel/bpf/verifier.c:16289<br />
[...]<br />
<br />
So make backtracking conservative with this by returning ENOTSUPP.<br />
<br />
[1] https://lore.kernel.org/bpf/CACkBjsaXNceR8ZjkLG=dT3P=4A8SBsg0Z5h5PWLryF5=ghKq=g@mail.gmail.com/
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.13 (including) | 5.15.93 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:6.2:rc1:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.2:rc2:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.2:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:6.2:rc4:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page