CVE-2023-52828: In the Linux kernel, the following vulnerability has been resolved: bpf: Detect IP == ksym.end as part of BPF program
Summary
A vulnerability in the Linux kernel's BPF (Berkeley Packet Filter, a technology for running safe programs in the kernel) subsystem occurs when a BPF program ends with a call to bpf_throw (a function that terminates execution), causing the instruction pointer to point just past the program's boundary. This breaks stack unwinding (the process of tracking where an error originated across function calls), potentially causing a panic (system crash). The fix makes the kernel treat instruction pointers at the program boundary (IP == ksym.end) as part of the program, allowing reliable stack unwinding in these cases.
Solution / Mitigation
Make bpf_prog_ksym_find treat IP == ksym.end as part of the BPF program, so that is_bpf_text_address returns true when such a case occurs, allowing reliable unwinding when the final instruction ends up being a call instruction.
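The boundary condition described above, as an added example (a simplified user-space model, not the kernel's code): `ksym_find`, `is_bpf_text`, `unwind` and all addresses are hypothetical stand-ins, and the unwinder is reduced to a walk over return addresses that stops at the first one it cannot attribute to a program.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for a BPF program's symbol record. */
struct ksym { unsigned long start, end; const char *name; };

/* Constructed sample: two JITed images with made-up addresses. */
static const struct ksym progs[] = {
    { 0x1000, 0x1040, "prog_a" },   /* final instruction is a call */
    { 0x2000, 0x2080, "prog_b" },
};

/* Constructed return addresses: prog_a's last instruction is a call, so
 * the return address recorded for its frame is exactly prog_a.end. */
static const unsigned long sample_stack[] = { 0x1040, 0x2010 };

/* end_inclusive = 0 models the old check [start, end);
 * end_inclusive = 1 models the fixed check [start, end]. */
static const struct ksym *ksym_find(unsigned long ip, int end_inclusive)
{
    for (size_t i = 0; i < sizeof(progs) / sizeof(progs[0]); i++) {
        const struct ksym *k = &progs[i];
        if (ip < k->start)
            continue;
        if (end_inclusive ? ip > k->end : ip >= k->end)
            continue;
        return k;
    }
    return NULL;
}

/* Models the "is this address BPF program text?" question. */
static int is_bpf_text(unsigned long ip, int end_inclusive)
{
    return ksym_find(ip, end_inclusive) != NULL;
}

/* Returns how many frames were attributed before the walk gave up. */
static size_t unwind(const unsigned long *ret, size_t n, int end_inclusive)
{
    size_t i = 0;
    while (i < n && is_bpf_text(ret[i], end_inclusive))
        i++;
    return i;
}

int main(void)
{
    printf("old check: %zu frames\n", unwind(sample_stack, 2, 0));
    printf("fixed check: %zu frames\n", unwind(sample_stack, 2, 1));
    return 0;
}
```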
Vulnerability Details
5.5 (medium)
EPSS: 0.0%
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-52828
First tracked: February 15, 2026 at 08:35 PM
Classified by LLM (prompt v3) · confidence: 95%