PT-2024-31348 · Linux+10 · Linux Kernel+10
Nikolay Aleksandrov · Published 2024-08-20 · Updated 2025-09-29 · CVE-2024-44989
CVSS v3.1: 5.5 (Medium)
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.6.50
Description
A vulnerability has been resolved in the Linux kernel's bonding module: a NULL pointer dereference could occur when real_dev was set to NULL while packets were in transit and xfrm called xdo_dev_offload_ok() in parallel. All callbacks assume real_dev is set. This issue can lead to a page fault and potentially cause the system to crash.
Recommendations
To resolve this issue, update the Linux kernel to version 6.6.50 or later. If updating is not possible, consider disabling the bonding module or restricting its use until an update can be applied.
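A host triage sketch for the recommendation above, added here as an example and not taken from the advisory or the kernel project. It assumes GNU `sort -V` is available and that a loaded bonding driver appears in `/proc/modules`; the function names are hypothetical. Distribution kernels often backport fixes without changing the base version, so a "review" verdict means "check the vendor advisory", not "confirmed vulnerable".

```shell
#!/bin/sh
# Added example: flag hosts whose kernel base version is below the fixed
# release named in this advisory, and report whether bonding is loaded.
FIXED_VERSION="6.6.50"   # from the advisory text

# Strip distro suffixes: "6.6.49-1-amd64" -> "6.6.49"
kernel_base() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+(\.[0-9]+){0,2}).*/\1/'
}

# Return 0 when version $1 sorts strictly before version $2.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Return 0 when the bonding driver is listed as a loaded module.
# $1 overrides /proc/modules (used for testing). A driver built into the
# kernel image is not listed there (assumption: bonding is modular).
bonding_loaded() {
    grep -q '^bonding ' "${1:-/proc/modules}" 2>/dev/null
}

# Print a one-word verdict for a kernel release string and a modules file.
triage() {
    base=$(kernel_base "$1")
    if ! version_lt "$base" "$FIXED_VERSION"; then
        echo "fixed-by-version"
    elif bonding_loaded "$2"; then
        echo "review-bonding-in-use"
    else
        echo "review-bonding-not-loaded"
    fi
}

triage "$(uname -r)" /proc/modules
```

Hosts reporting `review-bonding-in-use` are the ones to prioritise for the kernel update or for the bonding restriction described above.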
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu