CVE-2023-52784: bonding: stop the device in bond_setup_by_slave()

Published May 21, 2024

In the Linux kernel, the following vulnerability has been resolved:

bonding: stop the device in bond_setup_by_slave()

Commit 9eed321cde22 ("net: lapbether: only support ethernet devices") has been able to keep syzbot away from net/lapb, until today.

In the following splat [1], the issue is that a lapbether device has been created on a bonding device without members. Then adding a non ARPHRD_ETHER member forced the bonding master to change its type.

The fix is to make sure we call dev_close() in bond_setup_by_slave() so that the potential linked lapbether devices (or any other devices having assumptions on the physical device) are removed.

A similar bug has been addressed in commit 40baec225765 ("bonding: fix panic on non-ARPHRD_ETHER enslave failure").

[1]

    skbuff: skb_under_panic: text:ffff800089508810 len:44 put:40 head:ffff0000c78e7c00 data:ffff0000c78e7bea tail:0x16 end:0x140 dev:bond0
    kernel BUG at net/core/skbuff.c:192 !
    Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
    Modules linked in:
    CPU: 0 PID: 6007 Comm: syz-executor383 Not tainted 6.6.0-rc3-syzkaller-gbf6547d8715b #0
    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
    pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
    pc : skb_panic net/core/skbuff.c:188 [inline]
    pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:202
    lr : skb_panic net/core/skbuff.c:188 [inline]
    lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:202
    sp : ffff800096a06aa0
    x29: ffff800096a06ab0 x28: ffff800096a06ba0 x27: dfff800000000000
    x26: ffff0000ce9b9b50 x25: 0000000000000016 x24: ffff0000c78e7bea
    x23: ffff0000c78e7c00 x22: 000000000000002c x21: 0000000000000140
    x20: 0000000000000028 x19: ffff800089508810 x18: ffff800096a06100
    x17: 0000000000000000 x16: ffff80008a629a3c x15: 0000000000000001
    x14: 1fffe00036837a32 x13: 0000000000000000 x12: 0000000000000000
    x11: 0000000000000201 x10: 0000000000000000 x9 : cb50b496c519aa00
    x8 : cb50b496c519aa00 x7 : 0000000000000001 x6 : 0000000000000001
    x5 : ffff800096a063b8 x4 : ffff80008e280f80 x3 : ffff8000805ad11c
    x2 : 0000000000000001 x1 : 0000000100000201 x0 : 0000000000000086
    Call trace:
    skb_panic net/core/skbuff.c:188 [inline]
    skb_under_panic+0x13c/0x140 net/core/skbuff.c:202
    skb_push+0xf0/0x108 net/core/skbuff.c:2446
    ip6gre_header+0xbc/0x738 net/ipv6/ip6_gre.c:1384
    dev_hard_header include/linux/netdevice.h:3136 [inline]
    lapbeth_data_transmit+0x1c4/0x298 drivers/net/wan/lapbether.c:257
    lapb_data_transmit+0x8c/0xb0 net/lapb/lapb_iface.c:447
    lapb_transmit_buffer+0x178/0x204 net/lapb/lapb_out.c:149
    lapb_send_control+0x220/0x320 net/lapb/lapb_subr.c:251
    __lapb_disconnect_request+0x9c/0x17c net/lapb/lapb_iface.c:326
    lapb_device_event+0x288/0x4e0 net/lapb/lapb_iface.c:492
    notifier_call_chain+0x1a4/0x510 kernel/notifier.c:93
    raw_notifier_call_chain+0x3c/0x50 kernel/notifier.c:461
    call_netdevice_notifiers_info net/core/dev.c:1970 [inline]
    call_netdevice_notifiers_extack net/core/dev.c:2008 [inline]
    call_netdevice_notifiers net/core/dev.c:2022 [inline]
    __dev_close_many+0x1b8/0x3c4 net/core/dev.c:1508
    dev_close_many+0x1e0/0x470 net/core/dev.c:1559
    dev_close+0x174/0x250 net/core/dev.c:1585
    lapbeth_device_event+0x2e4/0x958 drivers/net/wan/lapbether.c:466
    notifier_call_chain+0x1a4/0x510 kernel/notifier.c:93
    raw_notifier_call_chain+0x3c/0x50 kernel/notifier.c:461
    call_netdevice_notifiers_info net/core/dev.c:1970 [inline]
    call_netdevice_notifiers_extack net/core/dev.c:2008 [inline]
    call_netdevice_notifiers net/core/dev.c:2022 [inline]
    __dev_close_many+0x1b8/0x3c4 net/core/dev.c:1508
    dev_close_many+0x1e0/0x470 net/core/dev.c:1559
    dev_close+0x174/0x250 net/core/dev.c:1585
    bond_enslave+0x2298/0x30cc drivers/net/bonding/bond_main.c:2332
    bond_do_ioctl+0x268/0xc64 drivers/net/bonding/bond_main.c:4539
    dev_ifsioc+0x754/0x9ac
    dev_ioctl+0x4d8/0xd34 net/core/dev_ioctl.c:786
    sock_do_ioctl+0x1d4/0x2d0 net/socket.c:1217
    sock_ioctl+0x4e8/0x834 net/socket.c:1322
    vfs_ioctl fs/ioctl.c:51 [inline]
    do ---truncated---
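
The skb_under_panic line at the top of the splat records how far the header push ran past the start of the buffer. As an added example (not part of the kernel commit or of this page's sources), this Python decoder recovers the headroom the buffer had and the size of the shortfall, which is the first thing to read when triaging such a crash log. The field layout is the one printed by the kernel's skb_panic(); reading tail as an offset from head assumes a 64-bit kernel.

```python
import re

# The skb_under_panic line from the splat above, with the underscores of the
# kernel symbol written out (the regex also accepts the stripped spelling).
SPLAT_LINE = ("skbuff: skb_under_panic: text:ffff800089508810 len:44 put:40 "
              "head:ffff0000c78e7c00 data:ffff0000c78e7bea tail:0x16 "
              "end:0x140 dev:bond0")

PANIC_RE = re.compile(
    r"skb_?(?P<kind>under|over)_?panic: text:(?P<text>[0-9a-f]+) "
    r"len:(?P<len>\d+) put:(?P<put>\d+) head:(?P<head>[0-9a-f]+) "
    r"data:(?P<data>[0-9a-f]+) tail:(?P<tail>(?:0x)?[0-9a-f]+) "
    r"end:(?P<end>(?:0x)?[0-9a-f]+) dev:(?P<dev>\S+)")


def decode_skb_panic(line):
    """Decode an skb_under_panic log line; return None for anything else."""
    m = PANIC_RE.search(line)
    if m is None or m["kind"] != "under":
        return None
    put = int(m["put"])
    head = int(m["head"], 16)
    data = int(m["data"], 16)
    # skb_push() moves data down and grows len before it checks data < head,
    # so the logged data and len are the values after the failed push.
    headroom_before = (data + put) - head
    return {
        "dev": m["dev"],
        "header_bytes_pushed": put,
        "headroom_before_push": headroom_before,
        "shortfall": put - headroom_before,      # equals head - data
        "len_before_push": int(m["len"]) - put,
        "tail_offset": int(m["tail"], 16),       # offset from head (64-bit)
    }


if __name__ == "__main__":
    for key, value in decode_skb_panic(SPLAT_LINE).items():
        print(f"{key:>22}: {value}")
```

For the splat on this page the decoder reports 18 bytes of headroom against the 40 bytes pushed under ip6gre_header, a 22-byte shortfall on bond0.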

Other sources

In the Linux kernel, the following vulnerability has been resolved:

bonding: stop the device in bond_setup_by_slave()

The Linux kernel CVE team has assigned CVE-2023-52784 to this issue.

Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024052154-CVE-2023-52784-80ad@gregkh/T

Red Hat

Linux Kernel is vulnerable to a denial of service, caused by a flaw in the bond_setup_by_slave() function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

IBM

Affected Software

18 affected components. Fixes available.

IBM Security Verify Governance: <= ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Software Stack: <= ISVG 10.0.2
IBM Security Verify Governance, Identity Manager Virtual Appliance: <= ISVG 10.0.2
IBM Security Verify Governance Identity Manager Container: <= ISVG 10.0.2
redhat/kernel: < 5.4.262 (fix: 5.4.262)
redhat/kernel: < 5.10.202 (fix: 5.10.202)
redhat/kernel: < 5.15.140 (fix: 5.15.140)
redhat/kernel: < 6.1.64 (fix: 6.1.64)
redhat/kernel: < 6.5.13 (fix: 6.5.13)
redhat/kernel: < 6.6.3 (fix: 6.6.3)
redhat/kernel: < 6.7 (fix: 6.7)
Linux Linux kernel: >= 2.6.24, < 5.4.262
Linux Linux kernel: >= 5.5, < 5.10.202
Linux Linux kernel: >= 5.11, < 5.15.140
Linux Linux kernel: >= 5.16, < 6.1.64
Linux Linux kernel: >= 6.2, < 6.5.13
Linux Linux kernel: >= 6.6, < 6.6.3
Linux Linux kernel: = 6.7-rc1

Event History

May 21, 2024
CVE Published via MITRE, 03:31 PM
Data Sourced via MITRE, 03:31 PM: Description
Data Sourced via NVD, 04:15 PM: Remedy, Description, Severity, Affected Software

May 22, 2024
Data Sourced via Red Hat, 09:24 PM: Description, Severity, Affected Software


Frequently Asked Questions

1. What is the severity of CVE-2023-52784?

CVE-2023-52784 has been classified as a medium severity vulnerability affecting the Linux kernel.

2. How do I fix CVE-2023-52784?

To resolve CVE-2023-52784, upgrade your Linux kernel to the patched version available in your distribution.

3. Which Linux kernel versions are affected by CVE-2023-52784?

CVE-2023-52784 affects various kernel versions up to and including 6.7.

4. What is the impact of CVE-2023-52784?

CVE-2023-52784 may allow an attacker to disrupt network functionality in systems using the affected Linux kernel.

5. What products are impacted by CVE-2023-52784?

CVE-2023-52784 affects products such as IBM Security Verify Governance, specifically ISVG versions up to 10.0.2.
