{"id":"CVE-2024-44989","summary":"bonding: fix xfrm real_dev null pointer dereference","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix xfrm real_dev null pointer dereference\n\nWe shouldn't set real_dev to NULL because packets can be in transit and\nxfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume\nreal_dev is set.\n\n Example trace:\n kernel: BUG: unable to handle page fault for address: 0000000000001030\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: #PF: supervisor write access in kernel mode\n kernel: #PF: error_code(0x0002) - not-present page\n kernel: PGD 0 P4D 0\n kernel: Oops: 0002 [#1] PREEMPT SMP\n kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12\n kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 \u003c83\u003e 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:\n kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60\n kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00\n kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014\n kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000\n kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000\n kernel: FS:  00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000\n kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: Call Trace:\n kernel:  \u003cTASK\u003e\n kernel:  ? __die+0x1f/0x60\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? page_fault_oops+0x142/0x4c0\n kernel:  ? do_user_addr_fault+0x65/0x670\n kernel:  ? kvm_read_and_reset_apf_flags+0x3b/0x50\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  ? exc_page_fault+0x7b/0x180\n kernel:  ? asm_exc_page_fault+0x22/0x30\n kernel:  ? nsim_bpf_uninit+0x50/0x50 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel:  bond_ipsec_offload_ok+0x7b/0x90 [bonding]\n kernel:  xfrm_output+0x61/0x3b0\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:  ip_push_pending_frames+0x56/0x80","modified":"2026-04-16T04:31:25.859588786Z","published":"2024-09-04T19:54:36.858Z","related":["ALSA-2024:8856","ALSA-2024:8870","SUSE-SU-2024:3551-1","SUSE-SU-2024:3553-1","SUSE-SU-2024:3561-1","SUSE-SU-2024:3564-1","SUSE-SU-2024:3569-1","SUSE-SU-2024:3587-1","SUSE-SU-2024:3592-1","SUSE-SU-2025:20073-1","SUSE-SU-2025:20077-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/44xxx/CVE-2024-44989.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/21816b696c172c19d53a30d45ee005cce246ed21"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2f72c6a66bcd7e0187ec085237fee5db27145294"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4582d4ff413a07d4ed8a4823c652dc5207760548"},{"type":"WEB","url":"https://git.kernel.org/stable/c/7fa9243391ad2afe798ef4ea2e2851947b95754f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/89fc1dca79db5c3e7a2d589ecbf8a3661c65f436"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f8cde9805981c50d0c029063dc7d82821806fc44"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/44xxx/CVE-2024-44989.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-44989"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"18cb261afd7bf50134e5ccacc5ec91ea16efadd4"},{"fixed":"21816b696c172c19d53a30d45ee005cce246ed21"},{"fixed":"2f72c6a66bcd7e0187ec085237fee5db27145294"},{"fixed":"7fa9243391ad2afe798ef4ea2e2851947b95754f"},{"fixed":"4582d4ff413a07d4ed8a4823c652dc5207760548"},{"fixed":"89fc1dca79db5c3e7a2d589ecbf8a3661c65f436"},{"fixed":"f8cde9805981c50d0c029063dc7d82821806fc44"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-44989.json"}}],"schema_version":"1.7.5"}