medium
5.5
CWE
476
Advisory Published
Updated

CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference

First published: Wed Sep 04 2024(Updated: )

In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference We shouldn't set real_dev to NULL because packets can be in transit and xfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume real_dev is set. Example trace: kernel: BUG: unable to handle page fault for address: 0000000000001030 kernel: bond0: (slave eni0np1): making interface the new active one kernel: #PF: supervisor write access in kernel mode kernel: #PF: error_code(0x0002) - not-present page kernel: PGD 0 P4D 0 kernel: Oops: 0002 [#1] PREEMPT SMP kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12 kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim] kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f kernel: bond0: (slave eni0np1): making interface the new active one kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60 kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00 kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014 kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000 kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000 kernel: FS: 00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0 kernel: bond0: (slave eni0np1): making interface the new active one kernel: Call Trace: kernel: <TASK> kernel: ? __die+0x1f/0x60 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: ? page_fault_oops+0x142/0x4c0 kernel: ? do_user_addr_fault+0x65/0x670 kernel: ? kvm_read_and_reset_apf_flags+0x3b/0x50 kernel: bond0: (slave eni0np1): making interface the new active one kernel: ? exc_page_fault+0x7b/0x180 kernel: ? asm_exc_page_fault+0x22/0x30 kernel: ? nsim_bpf_uninit+0x50/0x50 [netdevsim] kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim] kernel: bond0: (slave eni0np1): making interface the new active one kernel: bond_ipsec_offload_ok+0x7b/0x90 [bonding] kernel: xfrm_output+0x61/0x3b0 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA kernel: ip_push_pending_frames+0x56/0x80

Credit: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Affected SoftwareAffected VersionHow to fix
debian/linux<=5.10.223-1
5.10.226-1
6.1.123-1
6.1.119-1
6.12.10-1
6.12.11-1
debian/linux-6.1
6.1.119-1~deb11u1
Linux Kernel>=5.9<5.10.225
Linux Kernel>=5.11<5.15.166
Linux Kernel>=5.16<6.1.107
Linux Kernel>=6.2<6.6.48
Linux Kernel>=6.7<6.10.7
Linux Kernel=6.11-rc1
Linux Kernel=6.11-rc2
Linux Kernel=6.11-rc3
Linux Kernel=6.11-rc4

Remedy

https://git.kernel.org/stable/c/21816b696c172c19d53a30d45ee005cce246ed21

Remedy

https://git.kernel.org/stable/c/2f72c6a66bcd7e0187ec085237fee5db27145294

Remedy

https://git.kernel.org/stable/c/4582d4ff413a07d4ed8a4823c652dc5207760548

Remedy

https://git.kernel.org/stable/c/7fa9243391ad2afe798ef4ea2e2851947b95754f

Remedy

https://git.kernel.org/stable/c/89fc1dca79db5c3e7a2d589ecbf8a3661c65f436

Remedy

https://git.kernel.org/stable/c/f8cde9805981c50d0c029063dc7d82821806fc44

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2024-44989?

    CVE-2024-44989 has been classified as a medium severity vulnerability in the Linux kernel.

  • How do I fix CVE-2024-44989?

    To fix CVE-2024-44989, update to the recommended versions of the Linux kernel as specified in the documentation.

  • Which Linux kernel versions are affected by CVE-2024-44989?

    CVE-2024-44989 affects Linux kernel versions up to 5.10.223-1 as well as specific 6.x versions prior to the patched releases.

  • Is CVE-2024-44989 remotely exploitable?

    CVE-2024-44989 may be exploited in specific conditions mainly affecting local processes rather than being remotely exploitable.

  • What does CVE-2024-44989 involve technically?

    CVE-2024-44989 involves a null pointer dereference related to the xfrm subsystem in the Linux kernel's bonding implementation.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203