AZL-50960

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-50960.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-50960

Upstream

CVE-2024-47734

Published

2024-10-21T13:15:03Z

Modified

2026-04-01T05:17:38.718539Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

CVE-2024-47734 affecting package kernel for versions less than 6.6.56.1-5

Details

In the Linux kernel, the following vulnerability has been resolved:

bonding: Fix unnecessary warnings and logs from bondxdpgetxmitslave()

syzbot reported a WARNING in bondxdpgetxmitslave. To reproduce this[1], one bond device (bond1) has xdpdrv, which increases bpfmasterredirectenabledkey. Another bond device (bond0) which is unsupported by XDP but its slave (veth3) has xdpgeneric that returns XDPTX. This triggers WARNONONCE() from the xdpmasterredirect(). To reduce unnecessary warnings and improve log management, we need to delete the WARNONONCE() and add ratelimit to the netdeverr().

[1] Steps to reproduce: # Needs txxdp with return XDPTX; ip l add veth0 type veth peer veth1 ip l add veth3 type veth peer veth4 ip l add bond0 type bond mode 6 # BONDMODEALB, unsupported by XDP ip l add bond1 type bond # BONDMODEROUNDROBIN by default ip l set veth0 master bond1 ip l set bond1 up # Increases bpfmasterredirectenabledkey ip l set dev bond1 xdpdrv object txxdp.o section xdptx ip l set veth3 master bond0 ip l set bond0 up ip l set veth4 up # Triggers WARNONONCE() from the xdpmasterredirect() ip l set veth3 xdpgeneric object txxdp.o section xdptx

References

https://nvd.nist.gov/vuln/detail/CVE-2024-47734

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.56.1-5

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-50960.json"