{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-44989", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-08-21T05:34:56.671Z", "datePublished": "2024-09-04T19:54:36.858Z", "dateUpdated": "2026-05-12T11:57:26.653Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T20:33:18.785Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix xfrm real_dev null pointer dereference\n\nWe shouldn't set real_dev to NULL because packets can be in transit and\nxfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume\nreal_dev is set.\n\n Example trace:\n kernel: BUG: unable to handle page fault for address: 0000000000001030\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: #PF: supervisor write access in kernel mode\n kernel: #PF: error_code(0x0002) - not-present page\n kernel: PGD 0 P4D 0\n kernel: Oops: 0002 [#1] PREEMPT SMP\n kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12\n kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:\n kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60\n kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00\n kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014\n kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000\n kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000\n kernel: FS: 00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000\n kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: Call Trace:\n kernel: <TASK>\n kernel: ? __die+0x1f/0x60\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: ? page_fault_oops+0x142/0x4c0\n kernel: ? do_user_addr_fault+0x65/0x670\n kernel: ? kvm_read_and_reset_apf_flags+0x3b/0x50\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: ? exc_page_fault+0x7b/0x180\n kernel: ? asm_exc_page_fault+0x22/0x30\n kernel: ? nsim_bpf_uninit+0x50/0x50 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: bond_ipsec_offload_ok+0x7b/0x90 [bonding]\n kernel: xfrm_output+0x61/0x3b0\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: ip_push_pending_frames+0x56/0x80"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/bonding/bond_main.c"], "versions": [{"version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4", "lessThan": "21816b696c172c19d53a30d45ee005cce246ed21", "status": "affected", "versionType": "git"}, {"version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4", "lessThan": "2f72c6a66bcd7e0187ec085237fee5db27145294", "status": "affected", "versionType": "git"}, {"version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4", "lessThan": "7fa9243391ad2afe798ef4ea2e2851947b95754f", "status": "affected", "versionType": "git"}, {"version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4", "lessThan": "4582d4ff413a07d4ed8a4823c652dc5207760548", "status": "affected", "versionType": "git"}, {"version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4", "lessThan": "89fc1dca79db5c3e7a2d589ecbf8a3661c65f436", "status": "affected", "versionType": "git"}, {"version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4", "lessThan": "f8cde9805981c50d0c029063dc7d82821806fc44", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/bonding/bond_main.c"], "versions": [{"version": "5.9", "status": "affected"}, {"version": "0", "lessThan": "5.9", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.225", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.166", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.107", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.48", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.10.7", "lessThanOrEqual": "6.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.11", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.9", "versionEndExcluding": "5.10.225"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.9", "versionEndExcluding": "5.15.166"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.9", "versionEndExcluding": "6.1.107"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.9", "versionEndExcluding": "6.6.48"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.9", "versionEndExcluding": "6.10.7"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.9", "versionEndExcluding": "6.11"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/21816b696c172c19d53a30d45ee005cce246ed21"}, {"url": "https://git.kernel.org/stable/c/2f72c6a66bcd7e0187ec085237fee5db27145294"}, {"url": "https://git.kernel.org/stable/c/7fa9243391ad2afe798ef4ea2e2851947b95754f"}, {"url": "https://git.kernel.org/stable/c/4582d4ff413a07d4ed8a4823c652dc5207760548"}, {"url": "https://git.kernel.org/stable/c/89fc1dca79db5c3e7a2d589ecbf8a3661c65f436"}, {"url": "https://git.kernel.org/stable/c/f8cde9805981c50d0c029063dc7d82821806fc44"}], "title": "bonding: fix xfrm real_dev null pointer dereference", "x_generator": {"engine": "bippy-1.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-04T20:19:50.219529Z", "id": "CVE-2024-44989", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T20:20:52.769Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T22:14:43.608Z"}}, {"x_adpType": "supplier", "providerMetadata": {"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "shortName": "siemens-SADP", "dateUpdated": "2026-05-12T11:57:26.653Z"}, "affected": [{"vendor": "Siemens", "product": "RUGGEDCOM RST2428P", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "RUGGEDCOM RST2428P", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family", "versions": [{"status": "unaffected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.2", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SCALANCE XCM-/XRM-/XCH-/XRH-300 family", "versions": [{"status": "affected", "version": "0", "lessThan": "V3.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"vendor": "Siemens", "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem", "versions": [{"status": "affected", "version": "0", "lessThan": "*", "versionType": "custom"}], "defaultStatus": "unknown"}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T22:14:43.608Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-44989", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-04T20:19:50.219529Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T20:19:52.581Z"}}], "cna": {"title": "bonding: fix xfrm real_dev null pointer dereference", "affected": [{"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4", "lessThan": "21816b696c172c19d53a30d45ee005cce246ed21", "versionType": "git"}, {"status": "affected", "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4", "lessThan": "2f72c6a66bcd7e0187ec085237fee5db27145294", "versionType": "git"}, {"status": "affected", "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4", "lessThan": "7fa9243391ad2afe798ef4ea2e2851947b95754f", "versionType": "git"}, {"status": "affected", "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4", "lessThan": "4582d4ff413a07d4ed8a4823c652dc5207760548", "versionType": "git"}, {"status": "affected", "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4", "lessThan": "89fc1dca79db5c3e7a2d589ecbf8a3661c65f436", "versionType": "git"}, {"status": "affected", "version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4", "lessThan": "f8cde9805981c50d0c029063dc7d82821806fc44", "versionType": "git"}], "programFiles": ["drivers/net/bonding/bond_main.c"], "defaultStatus": "unaffected"}, {"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "product": "Linux", "versions": [{"status": "affected", "version": "5.9"}, {"status": "unaffected", "version": "0", "lessThan": "5.9", "versionType": "semver"}, {"status": "unaffected", "version": "5.10.225", "versionType": "semver", "lessThanOrEqual": "5.10.*"}, {"status": "unaffected", "version": "5.15.166", "versionType": "semver", "lessThanOrEqual": "5.15.*"}, {"status": "unaffected", "version": "6.1.107", "versionType": "semver", "lessThanOrEqual": "6.1.*"}, {"status": "unaffected", "version": "6.6.48", "versionType": "semver", "lessThanOrEqual": "6.6.*"}, {"status": "unaffected", "version": "6.10.7", "versionType": "semver", "lessThanOrEqual": "6.10.*"}, {"status": "unaffected", "version": "6.11", "versionType": "original_commit_for_fix", "lessThanOrEqual": "*"}], "programFiles": ["drivers/net/bonding/bond_main.c"], "defaultStatus": "affected"}], "references": [{"url": "https://git.kernel.org/stable/c/21816b696c172c19d53a30d45ee005cce246ed21"}, {"url": "https://git.kernel.org/stable/c/2f72c6a66bcd7e0187ec085237fee5db27145294"}, {"url": "https://git.kernel.org/stable/c/7fa9243391ad2afe798ef4ea2e2851947b95754f"}, {"url": "https://git.kernel.org/stable/c/4582d4ff413a07d4ed8a4823c652dc5207760548"}, {"url": "https://git.kernel.org/stable/c/89fc1dca79db5c3e7a2d589ecbf8a3661c65f436"}, {"url": "https://git.kernel.org/stable/c/f8cde9805981c50d0c029063dc7d82821806fc44"}], "x_generator": {"engine": "bippy-1.2.0"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix xfrm real_dev null pointer dereference\n\nWe shouldn't set real_dev to NULL because packets can be in transit and\nxfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume\nreal_dev is set.\n\n Example trace:\n kernel: BUG: unable to handle page fault for address: 0000000000001030\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: #PF: supervisor write access in kernel mode\n kernel: #PF: error_code(0x0002) - not-present page\n kernel: PGD 0 P4D 0\n kernel: Oops: 0002 [#1] PREEMPT SMP\n kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12\n kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:\n kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60\n kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00\n kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014\n kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000\n kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000\n kernel: FS: 00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000\n kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: Call Trace:\n kernel: <TASK>\n kernel: ? __die+0x1f/0x60\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: ? page_fault_oops+0x142/0x4c0\n kernel: ? do_user_addr_fault+0x65/0x670\n kernel: ? kvm_read_and_reset_apf_flags+0x3b/0x50\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: ? exc_page_fault+0x7b/0x180\n kernel: ? asm_exc_page_fault+0x22/0x30\n kernel: ? nsim_bpf_uninit+0x50/0x50 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: bond_ipsec_offload_ok+0x7b/0x90 [bonding]\n kernel: xfrm_output+0x61/0x3b0\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: ip_push_pending_frames+0x56/0x80"}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.10.225", "versionStartIncluding": "5.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.15.166", "versionStartIncluding": "5.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.1.107", "versionStartIncluding": "5.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.6.48", "versionStartIncluding": "5.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.10.7", "versionStartIncluding": "5.9"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "6.11", "versionStartIncluding": "5.9"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T20:33:18.785Z"}}}, "cveMetadata": {"cveId": "CVE-2024-44989", "state": "PUBLISHED", "dateUpdated": "2026-05-11T20:33:18.785Z", "dateReserved": "2024-08-21T05:34:56.671Z", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "datePublished": "2024-09-04T19:54:36.858Z", "assignerShortName": "Linux"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "2ED1D527-637B-4492-80FC-ADBDF6E9E2C7", "versionEndExcluding": "5.10.225", "versionStartIncluding": "5.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "913ED6CD-8ACF-48AF-AA18-7880881DD402", "versionEndExcluding": "5.15.166", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "53954FF8-CB48-4302-BC4C-9DA7A88F44A2", "versionEndExcluding": "6.1.107", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DE9201A-CE6B-4726-BABB-8265EA0F8AE4", "versionEndExcluding": "6.6.48", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2AFDFD1-D95A-4EB7-843B-5E7659518B67", "versionEndExcluding": "6.10.7", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix xfrm real_dev null pointer dereference\n\nWe shouldn't set real_dev to NULL because packets can be in transit and\nxfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume\nreal_dev is set.\n\n Example trace:\n kernel: BUG: unable to handle page fault for address: 0000000000001030\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: #PF: supervisor write access in kernel mode\n kernel: #PF: error_code(0x0002) - not-present page\n kernel: PGD 0 P4D 0\n kernel: Oops: 0002 [#1] PREEMPT SMP\n kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12\n kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:\n kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60\n kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00\n kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014\n kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000\n kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000\n kernel: FS: 00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000\n kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: Call Trace:\n kernel: <TASK>\n kernel: ? __die+0x1f/0x60\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: ? page_fault_oops+0x142/0x4c0\n kernel: ? do_user_addr_fault+0x65/0x670\n kernel: ? kvm_read_and_reset_apf_flags+0x3b/0x50\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: ? exc_page_fault+0x7b/0x180\n kernel: ? asm_exc_page_fault+0x22/0x30\n kernel: ? nsim_bpf_uninit+0x50/0x50 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: bond_ipsec_offload_ok+0x7b/0x90 [bonding]\n kernel: xfrm_output+0x61/0x3b0\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: ip_push_pending_frames+0x56/0x80"}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bonding: fix xfrm real_dev null pointer dereference No deber\u00edamos establecer real_dev en NULL porque los paquetes pueden estar en tr\u00e1nsito y xfrm podr\u00eda llamar a xdo_dev_offload_ok() en paralelo. Todas las devoluciones de llamadas suponen que real_dev est\u00e1 establecido. Ejemplo de seguimiento: kernel: BUG: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: 0000000000001030 kernel: bond0: (esclavo eni0np1): haciendo que la interfaz sea la nueva activa kernel: #PF: acceso de escritura del supervisor en modo kernel kernel: #PF: error_code(0x0002) - p\u00e1gina no presente kernel: PGD 0 P4D 0 kernel: Oops: 0002 [#1] PREEMPT SMP kernel: CPU: 4 PID: 2237 Comm: ping No contaminado 6.7.7+ #12 kernel: Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014 kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim] kernel: bond0: (esclavo eni0np1): bond_ipsec_add_sa_all: no se pudo agregar el kernel SA: C\u00f3digo: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 &lt;83&gt; 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f kernel: bond0: (esclavo eni0np1): haciendo que la interfaz sea la nueva activa kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246 kernel: bond0: (esclavo eni0np1): bond_ipsec_add_sa_all: no se pudo agregar SA kernel: kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60 kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00 kernel: RBP: ffff9eb3c0a42000 R08: 000000000000010 R09: 0000000000000014 kernel: R10: 797420303030303030 R11: 3030303030303030 R12: 0000000000000000 n\u00facleo: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000 n\u00facleo: FS: 00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000 n\u00facleo: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 n\u00facleo: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0 kernel: bond0: (esclavo eni0np1): haciendo que la interfaz sea la nueva activa kernel: Seguimiento de llamadas: kernel: kernel: ? __die+0x1f/0x60 kernel: bond0: (esclavo eni0np1): bond_ipsec_add_sa_all: error al agregar SA kernel: ? page_fault_oops+0x142/0x4c0 kernel: ? do_user_addr_fault+0x65/0x670 kernel: ? kvm_read_and_reset_apf_flags+0x3b/0x50 kernel: bond0: (esclavo eni0np1): haciendo que la interfaz sea la nueva activa kernel: ? exc_page_fault+0x7b/0x180 kernel: ? asm_exc_page_fault+0x22/0x30 kernel: ? nsim_bpf_uninit+0x50/0x50 [netdevsim] kernel: bond0: (esclavo eni0np1): bond_ipsec_add_sa_all: no se pudo agregar SA kernel: ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim] kernel: bond0: (esclavo eni0np1): haciendo que la interfaz sea la nueva activa kernel: bond_ipsec_offload_ok+0x7b/0x90 [vinculaci\u00f3n] kernel: xfrm_output+0x61/0x3b0 kernel: bond0: (esclavo eni0np1): bond_ipsec_add_sa_all: no se pudo agregar SA kernel: ip_push_pending_frames+0x56/0x80"}], "id": "CVE-2024-44989", "lastModified": "2026-05-12T12:17:09.900", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-09-04T20:15:08.020", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/21816b696c172c19d53a30d45ee005cce246ed21"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/2f72c6a66bcd7e0187ec085237fee5db27145294"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/4582d4ff413a07d4ed8a4823c652dc5207760548"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/7fa9243391ad2afe798ef4ea2e2851947b95754f"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/89fc1dca79db5c3e7a2d589ecbf8a3661c65f436"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f8cde9805981c50d0c029063dc7d82821806fc44"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"}, {"source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"}, {"source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "url": "https://cert-portal.siemens.com/productcert/html/ssa-355557.html"}, {"source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "url": "https://cert-portal.siemens.com/productcert/html/ssa-613116.html"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2024:8870", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-553.27.1.rt7.368.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2024:8856", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-553.27.1.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-11-05T00:00:00Z"}, {"advisory": "RHSA-2025:6966", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-570.12.1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2025:6966", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "kernel-0:5.14.0-570.12.1.el9_6", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-05-13T00:00:00Z"}, {"advisory": "RHSA-2024:10771", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "kernel-0:5.14.0-427.47.1.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2024-12-04T00:00:00Z"}], "bugzilla": {"description": "kernel: bonding: fix xfrm real_dev null pointer dereference", "id": "2309852", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309852"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nbonding: fix xfrm real_dev null pointer dereference\nWe shouldn't set real_dev to NULL because packets can be in transit and\nxfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume\nreal_dev is set.\nExample trace:\nkernel: BUG: unable to handle page fault for address: 0000000000001030\nkernel: bond0: (slave eni0np1): making interface the new active one\nkernel: #PF: supervisor write access in kernel mode\nkernel: #PF: error_code(0x0002) - not-present page\nkernel: PGD 0 P4D 0\nkernel: Oops: 0002 [#1] PREEMPT SMP\nkernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12\nkernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\nkernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\nkernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\nkernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f\nkernel: bond0: (slave eni0np1): making interface the new active one\nkernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246\nkernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\nkernel:\nkernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60\nkernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00\nkernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014\nkernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000\nkernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000\nkernel: FS: 00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000\nkernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nkernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0\nkernel: bond0: (slave eni0np1): making interface the new active one\nkernel: Call Trace:\nkernel: <TASK>\nkernel: ? __die+0x1f/0x60\nkernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\nkernel: ? page_fault_oops+0x142/0x4c0\nkernel: ? do_user_addr_fault+0x65/0x670\nkernel: ? kvm_read_and_reset_apf_flags+0x3b/0x50\nkernel: bond0: (slave eni0np1): making interface the new active one\nkernel: ? exc_page_fault+0x7b/0x180\nkernel: ? asm_exc_page_fault+0x22/0x30\nkernel: ? nsim_bpf_uninit+0x50/0x50 [netdevsim]\nkernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\nkernel: ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\nkernel: bond0: (slave eni0np1): making interface the new active one\nkernel: bond_ipsec_offload_ok+0x7b/0x90 [bonding]\nkernel: xfrm_output+0x61/0x3b0\nkernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\nkernel: ip_push_pending_frames+0x56/0x80"], "name": "CVE-2024-44989", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-09-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-44989\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-44989\nhttps://lore.kernel.org/linux-cve-announce/2024090446-CVE-2024-44989-8a2d@gregkh/T"], "threat_severity": "Moderate"}

{}