PT-2024-32106 · Linux+5 · Linux Kernel+5
Published: 2024-08-23 · Updated: 2026-05-26
CVE-2024-46678
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Linux kernel versions prior to 6.9.0-rc4+
Description
The issue is in the Linux kernel's bonding driver, where ipsec_lock is changed from a spin lock to a mutex. This change is necessary because the xdo_dev_state_add and xdo_dev_state_delete functions, which are called with ipsec_lock held, may sleep, causing a "scheduling while atomic" error when the bond's active slave is changed. The error is triggered when ipsec_lock is held as a spin lock and the xfrmdev operations sleep, leading to a scheduling conflict.
Recommendations
To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, versions 6.9.0-rc4 and later should include the necessary changes to ipsec_lock to prevent the "scheduling while atomic" error.
Note: The provided information does not specify the exact version where the fix is included, but it is mentioned that the issue is resolved in version 6.9.0-rc4+. Therefore, updating to this version or later should resolve the issue.
At the moment, there is no information about additional steps or workarounds that can be taken to mitigate this vulnerability beyond updating the Linux kernel.
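The locking change from the Description, shown as a userspace model of atomic context; this is an added example, not kernel or bonding driver code. The model_* helpers and the change_active_slave_* functions are hypothetical names that only imitate the spin lock, mutex and sleeping-callback semantics.

```c
#include <stdio.h>

/* Userspace model only: these helpers imitate kernel semantics, they are
 * not the kernel's or the bonding driver's functions. */
static int preempt_count; /* > 0 means atomic context: sleeping forbidden */
static int atomic_bugs;   /* "scheduling while atomic" events observed    */

static void model_might_sleep(void)  { if (preempt_count > 0) atomic_bugs++; }
static void model_spin_lock(void)    { preempt_count++; }
static void model_spin_unlock(void)  { preempt_count--; }
/* Taking a mutex may block, so it is itself a sleeping operation. */
static void model_mutex_lock(void)   { model_might_sleep(); }
static void model_mutex_unlock(void) { }

/* Stand-in for a slave device's xdo_dev_state_add/delete callback that
 * may sleep while it runs. */
static void model_xdo_dev_state_op(void) { model_might_sleep(); }

/* Before: the SA list is walked under a spin lock while the active slave
 * changes. Returns the number of sleep-in-atomic events for n_sa entries. */
int change_active_slave_spinlock(int n_sa)
{
    atomic_bugs = 0;
    model_spin_lock();
    for (int i = 0; i < n_sa; i++)
        model_xdo_dev_state_op();
    model_spin_unlock();
    return atomic_bugs;
}

/* After: same walk under a mutex, so the holder stays in process context. */
int change_active_slave_mutex(int n_sa)
{
    atomic_bugs = 0;
    model_mutex_lock();
    for (int i = 0; i < n_sa; i++)
        model_xdo_dev_state_op();
    model_mutex_unlock();
    return atomic_bugs;
}

int main(void)
{
    printf("spin lock: %d events\n", change_active_slave_spinlock(3));
    printf("mutex:     %d events\n", change_active_slave_mutex(3));
    return 0;
}
```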
Exploit
Fix
Improper Locking
Time Of Check To Time Of Use
Related Identifiers
Affected Products
Alt Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu