CVE-2024-44989

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-44989
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-44989.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-44989
Downstream
Related
Published
2024-09-04T19:54:36.858Z
Modified
2026-05-28T03:54:32.507311338Z
Summary
bonding: fix xfrm real_dev null pointer dereference
Details

In the Linux kernel, the following vulnerability has been resolved:

bonding: fix xfrm real_dev null pointer dereference

We shouldn't set realdev to NULL because packets can be in transit and xfrm might call xdodevoffloadok() in parallel. All callbacks assume real_dev is set.

Example trace: kernel: BUG: unable to handle page fault for address: 0000000000001030 kernel: bond0: (slave eni0np1): making interface the new active one kernel: #PF: supervisor write access in kernel mode kernel: #PF: errorcode(0x0002) - not-present page kernel: PGD 0 P4D 0 kernel: Oops: 0002 [#1] PREEMPT SMP kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12 kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 kernel: RIP: 0010:nsimipsecoffloadok+0xc/0x20 [netdevsim] kernel: bond0: (slave eni0np1): bondipsecaddsaall: failed to add SA kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f kernel: bond0: (slave eni0np1): making interface the new active one kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246 kernel: bond0: (slave eni0np1): bondipsecaddsaall: failed to add SA kernel: kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60 kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00 kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014 kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000 kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000 kernel: FS: 00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0 kernel: bond0: (slave eni0np1): making interface the new active one kernel: Call Trace: kernel: <TASK> kernel: ? _die+0x1f/0x60 kernel: bond0: (slave eni0np1): bondipsecaddsaall: failed to add SA kernel: ? pagefaultoops+0x142/0x4c0 kernel: ? douseraddrfault+0x65/0x670 kernel: ? kvmreadandresetapfflags+0x3b/0x50 kernel: bond0: (slave eni0np1): making interface the new active one kernel: ? excpagefault+0x7b/0x180 kernel: ? asmexcpagefault+0x22/0x30 kernel: ? nsimbpfuninit+0x50/0x50 [netdevsim] kernel: bond0: (slave eni0np1): bondipsecaddsaall: failed to add SA kernel: ? nsimipsecoffloadok+0xc/0x20 [netdevsim] kernel: bond0: (slave eni0np1): making interface the new active one kernel: bondipsecoffloadok+0x7b/0x90 [bonding] kernel: xfrmoutput+0x61/0x3b0 kernel: bond0: (slave eni0np1): bondipsecaddsaall: failed to add SA kernel: ippushpendingframes+0x56/0x80

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/44xxx/CVE-2024-44989.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
18cb261afd7bf50134e5ccacc5ec91ea16efadd4
Fixed
21816b696c172c19d53a30d45ee005cce246ed21
Fixed
2f72c6a66bcd7e0187ec085237fee5db27145294
Fixed
7fa9243391ad2afe798ef4ea2e2851947b95754f
Fixed
4582d4ff413a07d4ed8a4823c652dc5207760548
Fixed
89fc1dca79db5c3e7a2d589ecbf8a3661c65f436
Fixed
f8cde9805981c50d0c029063dc7d82821806fc44

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-44989.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.9.0
Fixed
5.10.225
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.166
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.107
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.48
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.10.7

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-44989.json"