CVE-2024-44989

5.5 MEDIUM

📋 TL;DR

This CVE describes a null pointer dereference vulnerability in the Linux kernel's bonding driver that occurs when xfrm (IPsec) offload operations are performed while network interface state changes. It affects systems using Linux kernel bonding with IPsec offload enabled, potentially causing kernel crashes and denial of service.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Linux kernel versions before the fix commits (specific versions vary by distribution)
Operating Systems: Linux distributions using vulnerable kernel versions
Default Config Vulnerable: ✅ No
Notes: Only affects systems with bonding interfaces configured and IPsec offload enabled. Not all bonding configurations are vulnerable.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Kernel panic leading to system crash and complete denial of service, requiring physical or remote console access to reboot the system.
🟠 Likely Case: System instability, kernel oops, and potential service disruption when bonding interface state changes occur during IPsec operations.
🟢 If Mitigated: Minor performance impact or failed IPsec operations without system crash if proper kernel protections are enabled.

🌐 Internet-Facing: MEDIUM - Systems with bonding interfaces exposed to the internet and using IPsec could be vulnerable to targeted attacks.
🏢 Internal Only: MEDIUM - Internal systems using bonding with IPsec offload could experience stability issues during network reconfiguration.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires ability to trigger bonding interface state changes while IPsec operations are active. Likely requires local access or network control.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 21816b696c172c19d53a30d45ee005cce246ed21, 2f72c6a66bcd7e0187ec085237fee5db27145294, 4582d4ff413a07d4ed8a4823c652dc5207760548, 7fa9243391ad2afe798ef4ea2e2851947b95754f, 89fc1dca79db5c3e7a2d589ecbf8a3661c65f436

Vendor Advisory: https://git.kernel.org/stable/c/21816b696c172c19d53a30d45ee005cce246ed21

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Check distribution-specific security advisories.
3. Reboot system to load new kernel.

🔧 Temporary Workarounds

Disable IPsec offload on bonding interfaces

linux

Prevent the vulnerable code path by disabling IPsec hardware offload on bonding interfaces

# IPsec (ESP) hardware offload is the esp-hw-offload feature in ethtool
ethtool -K bond0 esp-hw-offload off
# Confirm that the feature now reports "off"
ethtool -k bond0 | grep esp-hw-offload

Avoid bonding interface state changes during IPsec operations

linux

Schedule network maintenance during low-traffic periods and avoid bonding slave changes when IPsec tunnels are active

🧯 If You Can't Patch

  • Disable bonding interfaces if not required for system operation
  • Use alternative network bonding solutions or avoid IPsec offload features

🔍 How to Verify

Check if Vulnerable:

Check kernel version and bonding configuration: 'uname -r' and 'cat /proc/net/bonding/bond0' (if bonding exists)

Check Version:

uname -r

Verify Fix Applied:

Confirm that the running kernel includes the fix commits: check the distribution's kernel changelog or security advisory for CVE-2024-44989, or check the kernel source for the fix.

📡 Detection & Monitoring

Log Indicators:

  • Kernel oops messages mentioning 'bond_ipsec_add_sa_all: failed to add SA'
  • Kernel panic logs with bonding and xfrm references
  • System logs showing bonding interface state changes

Network Indicators:

  • IPsec tunnel failures on bonding interfaces
  • Increased packet loss during bonding reconfiguration

SIEM Query:

source="kernel" AND ("bond_ipsec" OR ("xfrm" AND "bonding")) AND ("failed" OR "panic" OR "oops")
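
The log indicators and query above, as an added triage script that is not part of the original page: it flags the single-line `bond_ipsec ... failed` warning and, because a kernel oops spans several lines, attributes an oops or panic to this code path only when `bonding` and `xfrm` both appear within a few lines of it. The function names, the window size and the sample log lines are constructed for the illustration.

```sh
#!/bin/sh
# Added example: offline triage of kernel log text for the indicators above.
# scan_kernel_log, sample_log and the window size are assumptions of this sketch.

scan_kernel_log() {
    # $1 = number of lines, starting at the oops/panic line, in which both
    # "bonding" and "xfrm" must appear for the crash to be attributed here.
    awk -v win="${1:-5}" '
    {
        l = tolower($0)
        if (l !~ / kernel: /) next                  # kernel messages only
        if (l ~ /bond_ipsec/ && l ~ /failed/) {     # single-line warning
            print "WARN\t" $0
            next
        }
        if (l ~ /oops|panic/) {                     # start of a crash report
            pending = $0; left = win; seen_b = 0; seen_x = 0
        }
        if (left > 0) {                             # correlate across lines
            if (l ~ /bonding/) seen_b = 1
            if (l ~ /xfrm/)    seen_x = 1
            if (seen_b && seen_x) { print "CRASH\t" pending; left = 0 } else left--
        }
    }'
}

# Constructed sample lines, not captured from a real system.
sample_log() {
    cat <<'EOF'
Jan 10 03:12:01 host1 kernel: bond0: (slave eth1): bond_ipsec_add_sa_all: failed to add SA
Jan 10 03:12:02 host1 kernel: bond0: (slave eth0): link status definitely down, disabling slave
Jan 10 03:12:02 host1 kernel: BUG: kernel NULL pointer dereference, address: 0000000000000000
Jan 10 03:12:02 host1 kernel: Oops: 0000 [#1] SMP
Jan 10 03:12:02 host1 kernel: RIP: 0010:constructed_bond_fn+0x1c/0x40 [bonding]
Jan 10 03:12:02 host1 kernel:  constructed_xfrm_fn+0x2a/0x90
Jan 10 03:12:05 host1 sshd[812]: Failed password for invalid user test
Jan 10 03:13:40 host1 kernel: xfrm: offload state add failed on eth3
EOF
}

sample_log | scan_kernel_log 5
```

On a live host the same function can read `journalctl -k` or `dmesg` output on stdin; a line-by-line query alone misses the crash case because the oops header and the stack frames are separate log lines.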
