CVE-2024-46678
📋 TL;DR
A race condition vulnerability in the Linux kernel's bonding driver where using a spin lock for IPsec operations can cause kernel panics when changing active slaves. This affects systems using Linux kernel bonding with IPsec offloading. The issue triggers 'scheduling while atomic' errors leading to system instability.
💻 Affected Systems
- Linux kernel
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
Learn more about Linux Kernel →⚠️ Risk & Real-World Impact
Worst Case
Kernel panic leading to system crash and denial of service, potentially disrupting network connectivity and IPsec tunnels.
Likely Case
System instability or crash when changing bonding active slaves while IPsec is configured, causing temporary network disruption.
If Mitigated
Minor performance impact from lock contention with proper mutex implementation.
🎯 Exploit Status
Exploitation requires ability to trigger bonding slave changes, typically requiring administrative access or specific network conditions. The crash is triggered by legitimate operations rather than malicious payloads.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Patched in kernel commits: 2aeeef906d5a526dc60cf4af92eda69836c39b1f, 56354b0a2c24a7828eeed7de4b4dc9652d9affa3, 6b598069164ac1bb60996d6ff94e7f9169dbd2d3
Vendor Advisory: https://git.kernel.org/stable/c/2aeeef906d5a526dc60cf4af92eda69836c39b1f
Restart Required: Yes
Instructions:
1. Update Linux kernel to version containing the fix commits. 2. Check with your distribution for backported patches. 3. Reboot system to load new kernel.
🔧 Temporary Workarounds
Avoid bonding slave changes with IPsec
linuxPrevent changing active slaves on bonding interfaces with IPsec offloading configured
# Monitor for bonding configuration changes
# Consider disabling IPsec offloading if not needed: echo 0 > /sys/class/net/bondX/ipsec_offload
🧯 If You Can't Patch
- Avoid changing active slaves on bonding interfaces with IPsec configured
- Disable IPsec offloading on bonding interfaces if not required
🔍 How to Verify
Check if Vulnerable:
Check kernel version and if bonding with IPsec is configured: cat /proc/version && ip link show type bond && ip xfrm stateCheck Version:
uname -rVerify Fix Applied:
Verify kernel includes fix commits: git log --oneline | grep -E '2aeeef9|56354b0|6b59806' or check kernel version is newer than affected range📡 Detection & Monitoring
Log Indicators:
- Kernel logs showing 'BUG: scheduling while atomic' with bonding/ipsec stack traces
- System crash/panic logs when changing network bonding
Network Indicators:
- Sudden loss of IPsec tunnels after bonding changes
- Network interface flapping on bonded interfaces
SIEM Query:
source="kernel" AND "scheduling while atomic" AND ("bonding" OR "ipsec")