{
  "threat_severity" : "Moderate",
  "public_date" : "2024-09-04T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: bonding: fix xfrm real_dev null pointer dereference",
    "id" : "2309852",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2309852"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-476",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nbonding: fix xfrm real_dev null pointer dereference\nWe shouldn't set real_dev to NULL because packets can be in transit and\nxfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume\nreal_dev is set.\nExample trace:\nkernel: BUG: unable to handle page fault for address: 0000000000001030\nkernel: bond0: (slave eni0np1): making interface the new active one\nkernel: #PF: supervisor write access in kernel mode\nkernel: #PF: error_code(0x0002) - not-present page\nkernel: PGD 0 P4D 0\nkernel: Oops: 0002 [#1] PREEMPT SMP\nkernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12\nkernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nkernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\nkernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\nkernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f\nkernel: bond0: (slave eni0np1): making interface the new active one\nkernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246\nkernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\nkernel:\nkernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60\nkernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00\nkernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014\nkernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000\nkernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000\nkernel: FS:  00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000\nkernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nkernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0\nkernel: bond0: (slave eni0np1): making interface the new active one\nkernel: Call Trace:\nkernel:  <TASK>\nkernel:  ? __die+0x1f/0x60\nkernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\nkernel:  ? page_fault_oops+0x142/0x4c0\nkernel:  ? do_user_addr_fault+0x65/0x670\nkernel:  ? kvm_read_and_reset_apf_flags+0x3b/0x50\nkernel: bond0: (slave eni0np1): making interface the new active one\nkernel:  ? exc_page_fault+0x7b/0x180\nkernel:  ? asm_exc_page_fault+0x22/0x30\nkernel:  ? nsim_bpf_uninit+0x50/0x50 [netdevsim]\nkernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\nkernel:  ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\nkernel: bond0: (slave eni0np1): making interface the new active one\nkernel:  bond_ipsec_offload_ok+0x7b/0x90 [bonding]\nkernel:  xfrm_output+0x61/0x3b0\nkernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\nkernel:  ip_push_pending_frames+0x56/0x80" ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-11-05T00:00:00Z",
    "advisory" : "RHSA-2024:8870",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8::nfv",
    "package" : "kernel-rt-0:4.18.0-553.27.1.rt7.368.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2024-11-05T00:00:00Z",
    "advisory" : "RHSA-2024:8856",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "kernel-0:4.18.0-553.27.1.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:6966",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.12.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHSA-2025:6966",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-570.12.1.el9_6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2024-12-04T00:00:00Z",
    "advisory" : "RHSA-2024:10771",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "kernel-0:5.14.0-427.47.1.el9_4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Will not fix",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-44989\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-44989\nhttps://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44989-8a2d@gregkh/T" ],
  "name" : "CVE-2024-44989",
  "csaw" : false
}