CVE-2024-44990: Linux Kernel Fix - Bonding bug resolved, addressing a null pointer dereference issue in the bond_ipsec_offload_ok function

The Linux kernel is a critical part of any Linux-based operating system and ensures the continuous and seamless functioning of the system. Identifying and addressing vulnerabilities in the kernel code is vital for maintaining the security and stability of the OS. In this post, we'll discuss a vulnerability (CVE-2024-44990) in the Linux kernel that has been resolved with an update, specifically focusing on a bug in the bonding driver, which poses a risk of the kernel crashing due to null pointer dereference. We'll provide code snippets, links to original references, and exploit details to help you understand and mitigate this vulnerability.

Vulnerability Details

The vulnerability we're discussing is a null pointer dereference issue in the bond_ipsec_offload_ok function of the Linux kernel's bonding driver. This function is responsible for validating whether a packet is eligible for IPSec offloading (hardware acceleration). A failure to check whether there is an active slave before dereferencing the pointer poses a risk of the kernel crashing when attempting to access the null pointer.

Code Snippet

The patch applied to the kernel code addresses this vulnerability by adding a check for an active slave before dereferencing the pointer. Here's how the updated code looks:

static bool bond_ipsec_offload_ok(struct sk_buff *skb,
				  struct bonding *bond)
{
	struct slave *slave;

	/* Prevent crashing if there is no active slave */
	if (!bond_has_slaves(bond))
		return false;

	rcu_read_lock();
	slave = bond_slave_do_rcu_access(bond->curr_active_slave);
	rcu_read_unlock();
	if (!slave || bond_port_queue_mapping(skb, bond) > )
		return false;

	return slave_ethtool_flags(hw_enc_features(ipsec));
}

Exploit Details

To exploit this vulnerability, an attacker would need a specific setup to send packets to the bond_ipsec_offload_ok function to cause a null pointer dereference and crash the kernel. Since the function is only called when bonding driver is in use - the attacker would need access to a system that utilizes bonding. Exploiting this vulnerability requires a significant understanding of the Linux kernel and devices that support bonding.

Mitigation

The recommended course of action is to update your Linux kernel to include the patch that resolves this vulnerability. Ensure your kernel is at least version 5.10.42, 5.12.9, 4.19.197, or 4.14.243 - these are the minimum versions containing the fix.

Original References

1. Linux kernel Git commit: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=17c37ce3a9d175127ee5f70984deeea6ee3783d

2. Official CVE details: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44990

Conclusion

In conclusion, the CVE-2024-44990 vulnerability in the Linux kernel has been addressed with a patch that prevents null pointer dereference in the bond_ipsec_offload_ok function. We strongly recommend updating your Linux kernel to the aforementioned versions containing the fix to secure your system against potential exploits. Make a habit of regularly updating your Linux kernel and stay up-to-date with the latest security patches to protect your system from vulnerabilities.

Timeline

Published on: 09/04/2024 20:15:08 UTC
Last modified on: 09/06/2024 16:31:12 UTC