PT-2024-14746 · Linux+7 · Linux Kernel+7

Syzbot

·

Published

2023-11-13

·

Updated

2025-09-29

·

CVE-2023-52784

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.0-rc3-syzkaller-gbf6547d8715b
Description The issue arises when a lapbether device is created on a bonding device without members, and then a non-ARPHRD ETHER member is added, forcing the bonding master to change its type. This can lead to a kernel BUG due to an internal error. The fix involves calling dev close() in bond setup by slave() to remove potential linked lapbether devices. A similar bug was addressed in a previous commit.
Recommendations To resolve the issue, update the Linux kernel to a version that includes the fix, specifically to a version after 6.6.0-rc3-syzkaller-gbf6547d8715b. As a temporary workaround, consider disabling the lapbether device on bonding devices without members to prevent the bonding master from changing its type.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-99

Related Identifiers

ALSA-2024:5101
ALSA-2024:5102
ALSA-2025_12746
ALSA-2025_12752
ALSA-2025_12753
ALSA-2025_16880
BDU:2025-15327
CESA-2024_5101
CESA-2024_5102
CVE-2023-52784
INFSA-2024_5101
INFSA-2024_5102
INFSA-2024_9315
OESA-2024-2491
OESA-2024-2494
OPENSUSE-SU-2024_2372-1
OPENSUSE-SU-2024_2394-1
RHSA-2024:4902
RHSA-2024:5101
RHSA-2024:5102
RHSA-2024:6993
RHSA-2024:9315
RHSA-2024_5101
RHSA-2024_5102
RHSA-2024_9315
RHSA-2025:3935
RLSA-2024:5101
RLSA-2024:5102
RXSA-2024:5101
SUSE-SU-2024:2360-1
SUSE-SU-2024:2372-1
SUSE-SU-2024:2381-1
SUSE-SU-2024:2394-1
SUSE-SU-2024:2561-1
SUSE-SU-2024:2571-1
SUSE-SU-2024:2896-1
SUSE-SU-2024:2939-1
SUSE-SU-2024:2973-1
SUSE-SU-2025:20008-1
SUSE-SU-2025:20028-1

Affected Products

Almalinux
Astra Linux
Centos
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse