Release Date: | 2024-10-21 |
Impact: | Low |
In the Linux kernel, the following vulnerability has been resolved:

bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave()

syzbot reported a WARNING in bond_xdp_get_xmit_slave. To reproduce this[1], one bond device (bond1) has xdpdrv, which increases bpf_master_redirect_enabled_key. Another bond device (bond0) which is unsupported by XDP but its slave (veth3) has xdpgeneric that returns XDP_TX. This triggers WARN_ON_ONCE() from the xdp_master_redirect(). To reduce unnecessary warnings and improve log management, we need to delete the WARN_ON_ONCE() and add ratelimit to the netdev_err().

[1] Steps to reproduce:
# Needs tx_xdp with return XDP_TX;
ip l add veth0 type veth peer veth1
ip l add veth3 type veth peer veth4
ip l add bond0 type bond mode 6 # BOND_MODE_ALB, unsupported by XDP
ip l add bond1 type bond # BOND_MODE_ROUNDROBIN by default
ip l set veth0 master bond1
ip l set bond1 up
# Increases bpf_master_redirect_enabled_key
ip l set dev bond1 xdpdrv object tx_xdp.o section xdp_tx
ip l set veth3 master bond0
ip l set bond0 up
ip l set veth4 up
# Triggers WARN_ON_ONCE() from the xdp_master_redirect()
ip l set veth3 xdpgeneric object tx_xdp.o section xdp_tx
See more information about CVE-2024-47734 from MITRE CVE dictionary and NIST NVD
NOTE: The CVSS metrics and score provided below are preliminary and subject to review.
Base Score: | 0.0 |
Vector String: | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N |
Version: | 3.1 |
Attack Vector: | Local |
Attack Complexity: | Low |
Privileges Required: | Low |
User Interaction: | None |
Scope: | Unchanged |
Confidentiality Impact: | None |
Integrity Impact: | None |
Availability Impact: | None |
Platform | Errata | Release Date |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections: