PT-2024-32780 · Linux+5 · Linux Kernel+5

Syzbot

·

Published

2024-09-18

·

Updated

2025-09-29

·

CVE-2024-47734

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58
Description A vulnerability in the Linux kernel has been resolved, specifically in the bonding module. The issue was reported by syzbot and involved unnecessary warnings and logs from the bond xdp get xmit slave() function. This occurred when one bond device had xdpdrv and another bond device, unsupported by XDP, had a slave with xdpgeneric that returned XDP TX. To address this, the WARN ON ONCE() was deleted and a ratelimit was added to the netdev err(). The vulnerability can be reproduced by creating specific bond devices and configuring them with xdpdrv and xdpgeneric.
Recommendations To resolve the issue, update to Linux kernel version 6.6.58 or later. As a temporary workaround, consider disabling the bond xdp get xmit slave() function until a patch is available. Restrict access to the vulnerable bonding module to minimize the risk of exploitation. Avoid using the xdpdrv and xdpgeneric objects in the affected bond devices until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-14046
ALT-PU-2024-14268
AZL-50836
AZL-50960
BDU:2025-03425
CVE-2024-47734
DLA-4008-1
MGASA-2024-0344
MGASA-2024-0345
OESA-2024-2522
OPENSUSE-SU-2024:14500-1
OPENSUSE-SU-2025:14705-1
USN-7166-1
USN-7166-2
USN-7166-3
USN-7166-4
USN-7186-1
USN-7186-2
USN-7194-1
USN-7276-1
USN-7277-1
USN-7301-1
USN-7303-1
USN-7303-2
USN-7303-3
USN-7304-1
USN-7310-1
USN-7311-1
USN-7384-1
USN-7384-2
USN-7385-1
USN-7386-1
USN-7403-1
USN-7468-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Linux Kernel
Red Os
Ubuntu