SB2024070269 - Improper error handling in Linux kernel net bonding driver
Published: July 2, 2024 Updated: May 13, 2025
Security Bulletin ID
SB2024070269
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper error handling (CVE-ID: CVE-2023-52784)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the bond_setup_by_slave() function in drivers/net/bonding/bond_main.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/b4f0e605a508f6d7cda6df2f03a0c676b778b1fe
- https://git.kernel.org/stable/c/396baca6683f415b5bc2b380289387bef1406edc
- https://git.kernel.org/stable/c/53064e8239dd2ecfefc5634e991f1025abc2ee0c
- https://git.kernel.org/stable/c/19554aa901b5833787df4417a05ccdebf351b7f4
- https://git.kernel.org/stable/c/87c49806a37f88eddde3f537c162fd0c2834170c
- https://git.kernel.org/stable/c/d98c91215a5748a0f536e7ccea26027005196859
- https://git.kernel.org/stable/c/3cffa2ddc4d3fcf70cde361236f5a614f81a09b2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.202
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.140
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.262
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.64
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7