CVE-2022-49667

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to the version containing the fix for the use-after-free issue in the bonding driver, specifically the fix for the 802.3ad slave unbind.

Description A use-after-free issue has been identified in the Linux kernel's bonding driver, specifically in the 802.3ad slave unbind functionality. This issue arises when there are multiple aggregation groups in the same bond, and the bond 3ad unbind slave function invalidates the aggregator when agg active ports returns zero, allowing ad clear agg to be executed even when num of ports is not zero. As a result, bond 3ad unbind slave can be executed again for a previously cleared aggregator, leading to slave ports pointing to freed aggregator memory. The issue is resolved by checking the actual number of ports in the group before calling ad clear agg.

Recommendations For Linux kernel versions prior to the fix, consider applying the patch that includes the fix for the use-after-free issue in the bonding driver, specifically the fix for the 802.3ad slave unbind. As a temporary workaround, consider disabling the bonding functionality or restricting the use of the 802.3ad protocol until a patched version is available.