bonding: fix xfrm real_dev null pointer dereference — CVE-2024-44989

Summary

Advisory CVE-2024-44989. bonding: fix xfrm real_dev null pointer dereference Vendor: Microsoft. Source: MSRC. Threat: medium. CVSS 5.5. See the official advisory for details.

What to do

General, cautious steps (verify details in the official source):

• Review exposure and plan remediation based on risk and environment.
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• Access of Uninitialized Pointer in Wireshark CVE-2024-8645
• ALSA: line6: Fix racy access to midibuf CVE-2024-44954
• Ansible-core: exposure of sensitive information in ansible vault files due to improper logging CVE-2024-8775
• apparmor: fix possible NULL pointer dereference CVE-2024-46721
• arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry CVE-2024-46822
• ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item CVE-2024-46863
• binfmt_flat: Fix corruption when not offsetting data start CVE-2024-44966
• Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() CVE-2024-46749
• Bluetooth: btnxpuart: Fix random crash seen while removing driver CVE-2024-46680
• bnxt_en: Fix double DMA unmapping for XDP_REDIRECT CVE-2024-44984
• bonding: change ipsec_lock from spin lock to mutex CVE-2024-46678
• bonding: fix null pointer deref in bond_ipsec_offload_ok CVE-2024-44990