Vulnerability-Lookup

BDU:2025-15327

Vulnerability from fstec - Published: 13.11.2023

Title

Уязвимость функции bond_setup_by_slave() модуля drivers/net/bonding/bond_main.c - драйвера поддержки сетевых адаптеров ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость функции bond_setup_by_slave() модуля drivers/net/bonding/bond_main.c - драйвера поддержки сетевых адаптеров ядра операционной системы Linux связана с неправильным контролем идентификаторов ресурсов («внедрение ресурсов»). Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании

Severity


                    
                      AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Vendor

Canonical Ltd., Red Hat Inc., Сообщество свободного программного обеспечения

Software Name

Ubuntu, Red Hat Enterprise Linux, Debian GNU/Linux, Linux

Software Version

16.04 LTS (Ubuntu), 18.04 LTS (Ubuntu), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), от 5.11 до 5.15.139 включительно (Linux), 8.8 Extended Update Support (Red Hat Enterprise Linux), от 5.16 до 6.1.63 включительно (Linux), от 6.2 до 6.5.12 включительно (Linux), 8.6 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Telecommunications Update Service (Red Hat Enterprise Linux), 8.6 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), от 5.5 до 5.10.201 включительно (Linux), 9.4 Extended Update Support (Red Hat Enterprise Linux), от 6.6 до 6.6.2 включительно (Linux), от 2.6.24 до 5.4.261 включительно (Linux)

Possible Mitigations

В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года. Использование рекомендаций: Для Linux: https://lore.kernel.org/linux-cve-announce/2024052154-CVE-2023-52784-80ad@gregkh/ https://git.kernel.org/stable/c/b4f0e605a508f6d7cda6df2f03a0c676b778b1fe https://git.kernel.org/stable/c/396baca6683f415b5bc2b380289387bef1406edc https://git.kernel.org/stable/c/53064e8239dd2ecfefc5634e991f1025abc2ee0c https://git.kernel.org/stable/c/19554aa901b5833787df4417a05ccdebf351b7f4 https://git.kernel.org/stable/c/87c49806a37f88eddde3f537c162fd0c2834170c https://git.kernel.org/stable/c/d98c91215a5748a0f536e7ccea26027005196859 https://git.kernel.org/linus/3cffa2ddc4d3fcf70cde361236f5a614f81a09b2 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2023-52784 Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2023-52784 Для Ubuntu: https://ubuntu.com/security/CVE-2023-52784

Reference

https://www.cve.org/CVERecord?id=CVE-2023-52784 https://git.kernel.org/stable/c/b4f0e605a508f6d7cda6df2f03a0c676b778b1fe https://git.kernel.org/stable/c/396baca6683f415b5bc2b380289387bef1406edc https://git.kernel.org/stable/c/53064e8239dd2ecfefc5634e991f1025abc2ee0c https://git.kernel.org/stable/c/19554aa901b5833787df4417a05ccdebf351b7f4 https://git.kernel.org/stable/c/87c49806a37f88eddde3f537c162fd0c2834170c https://git.kernel.org/stable/c/d98c91215a5748a0f536e7ccea26027005196859 https://lore.kernel.org/linux-cve-announce/2024052154-CVE-2023-52784-80ad@gregkh/ https://git.kernel.org/linus/3cffa2ddc4d3fcf70cde361236f5a614f81a09b2 https://git.linuxtesting.ru/pub/scm/linux/kernel/git/lvc/linux-stable.git/commit/?h=v5.10.203-lvc19&id=396baca6683f415b5bc2b380289387bef1406edc https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.262 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.202 https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.140 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.64 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.13 https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.3 https://ubuntu.com/security/CVE-2023-52784 https://security-tracker.debian.org/tracker/CVE-2023-52784 https://access.redhat.com/security/cve/cve-2023-52784

CWE

CWE-99

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:M/C:N/I:N/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "16.04 LTS (Ubuntu), 18.04 LTS (Ubuntu), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), \u043e\u0442 5.11 \u0434\u043e 5.15.139 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), 8.8 Extended Update Support (Red Hat Enterprise Linux), \u043e\u0442 5.16 \u0434\u043e 6.1.63 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 6.2 \u0434\u043e 6.5.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), 8.6 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Telecommunications Update Service (Red Hat Enterprise Linux), 8.6 Advanced Mission Critical Update Support (Red Hat Enterprise Linux), \u043e\u0442 5.5 \u0434\u043e 5.10.201 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), 9.4 Extended Update Support (Red Hat Enterprise Linux), \u043e\u0442 6.6 \u0434\u043e 6.6.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 2.6.24 \u0434\u043e 5.4.261 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\n\u0414\u043b\u044f Linux:\nhttps://lore.kernel.org/linux-cve-announce/2024052154-CVE-2023-52784-80ad@gregkh/\nhttps://git.kernel.org/stable/c/b4f0e605a508f6d7cda6df2f03a0c676b778b1fe\nhttps://git.kernel.org/stable/c/396baca6683f415b5bc2b380289387bef1406edc\nhttps://git.kernel.org/stable/c/53064e8239dd2ecfefc5634e991f1025abc2ee0c\nhttps://git.kernel.org/stable/c/19554aa901b5833787df4417a05ccdebf351b7f4\nhttps://git.kernel.org/stable/c/87c49806a37f88eddde3f537c162fd0c2834170c\nhttps://git.kernel.org/stable/c/d98c91215a5748a0f536e7ccea26027005196859\nhttps://git.kernel.org/linus/3cffa2ddc4d3fcf70cde361236f5a614f81a09b2\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2023-52784\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2023-52784\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2023-52784",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "13.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "08.12.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "08.12.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-15327",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-52784",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Red Hat Enterprise Linux, Debian GNU/Linux, Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 16.04 LTS , Canonical Ltd. Ubuntu 18.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Canonical Ltd. Ubuntu 20.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , Canonical Ltd. Ubuntu 22.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 9 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.11 \u0434\u043e 5.15.139 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , Red Hat Inc. Red Hat Enterprise Linux 8.8 Extended Update Support , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.16 \u0434\u043e 6.1.63 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.2 \u0434\u043e 6.5.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , Red Hat Inc. Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.6 Telecommunications Update Service , Red Hat Inc. Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.5 \u0434\u043e 5.10.201 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , Red Hat Inc. Red Hat Enterprise Linux 9.4 Extended Update Support , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.6 \u0434\u043e 6.6.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 2.6.24 \u0434\u043e 5.4.261 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 bond_setup_by_slave() \u043c\u043e\u0434\u0443\u043b\u044f drivers/net/bonding/bond_main.c - \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0430\u0434\u0430\u043f\u0442\u0435\u0440\u043e\u0432 \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u0430\u043c\u0438 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430) (CWE-99)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 bond_setup_by_slave() \u043c\u043e\u0434\u0443\u043b\u044f drivers/net/bonding/bond_main.c - \u0434\u0440\u0430\u0439\u0432\u0435\u0440\u0430 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438 \u0441\u0435\u0442\u0435\u0432\u044b\u0445 \u0430\u0434\u0430\u043f\u0442\u0435\u0440\u043e\u0432 \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0435\u043c \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u0432 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 (\u00ab\u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432\u00bb). \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.cve.org/CVERecord?id=CVE-2023-52784\nhttps://git.kernel.org/stable/c/b4f0e605a508f6d7cda6df2f03a0c676b778b1fe\nhttps://git.kernel.org/stable/c/396baca6683f415b5bc2b380289387bef1406edc\nhttps://git.kernel.org/stable/c/53064e8239dd2ecfefc5634e991f1025abc2ee0c\nhttps://git.kernel.org/stable/c/19554aa901b5833787df4417a05ccdebf351b7f4\nhttps://git.kernel.org/stable/c/87c49806a37f88eddde3f537c162fd0c2834170c\nhttps://git.kernel.org/stable/c/d98c91215a5748a0f536e7ccea26027005196859\nhttps://lore.kernel.org/linux-cve-announce/2024052154-CVE-2023-52784-80ad@gregkh/\nhttps://git.kernel.org/linus/3cffa2ddc4d3fcf70cde361236f5a614f81a09b2\nhttps://git.linuxtesting.ru/pub/scm/linux/kernel/git/lvc/linux-stable.git/commit/?h=v5.10.203-lvc19\u0026id=396baca6683f415b5bc2b380289387bef1406edc\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.262\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.202\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.140\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.64\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.13\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.3\nhttps://ubuntu.com/security/CVE-2023-52784\nhttps://security-tracker.debian.org/tracker/CVE-2023-52784\nhttps://access.redhat.com/security/cve/cve-2023-52784",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-99",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,4)"
}

CVE-2023-52784 (GCVE-0-2023-52784)

Vulnerability from cvelistv5 – Published: 2024-05-21 15:31 – Updated: 2026-05-11 19:33

Title

bonding: stop the device in bond_setup_by_slave()

Summary

In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bond_setup_by_slave() Commit 9eed321cde22 ("net: lapbether: only support ethernet devices") has been able to keep syzbot away from net/lapb, until today. In the following splat [1], the issue is that a lapbether device has been created on a bonding device without members. Then adding a non ARPHRD_ETHER member forced the bonding master to change its type. The fix is to make sure we call dev_close() in bond_setup_by_slave() so that the potential linked lapbether devices (or any other devices having assumptions on the physical device) are removed. A similar bug has been addressed in commit 40baec225765 ("bonding: fix panic on non-ARPHRD_ETHER enslave failure") [1] skbuff: skb_under_panic: text:ffff800089508810 len:44 put:40 head:ffff0000c78e7c00 data:ffff0000c78e7bea tail:0x16 end:0x140 dev:bond0 kernel BUG at net/core/skbuff.c:192 ! Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP Modules linked in: CPU: 0 PID: 6007 Comm: syz-executor383 Not tainted 6.6.0-rc3-syzkaller-gbf6547d8715b #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : skb_panic net/core/skbuff.c:188 [inline] pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:202 lr : skb_panic net/core/skbuff.c:188 [inline] lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:202 sp : ffff800096a06aa0 x29: ffff800096a06ab0 x28: ffff800096a06ba0 x27: dfff800000000000 x26: ffff0000ce9b9b50 x25: 0000000000000016 x24: ffff0000c78e7bea x23: ffff0000c78e7c00 x22: 000000000000002c x21: 0000000000000140 x20: 0000000000000028 x19: ffff800089508810 x18: ffff800096a06100 x17: 0000000000000000 x16: ffff80008a629a3c x15: 0000000000000001 x14: 1fffe00036837a32 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000201 x10: 0000000000000000 x9 : cb50b496c519aa00 x8 : cb50b496c519aa00 x7 : 0000000000000001 x6 : 0000000000000001 x5 : ffff800096a063b8 x4 : ffff80008e280f80 x3 : ffff8000805ad11c x2 : 0000000000000001 x1 : 0000000100000201 x0 : 0000000000000086 Call trace: skb_panic net/core/skbuff.c:188 [inline] skb_under_panic+0x13c/0x140 net/core/skbuff.c:202 skb_push+0xf0/0x108 net/core/skbuff.c:2446 ip6gre_header+0xbc/0x738 net/ipv6/ip6_gre.c:1384 dev_hard_header include/linux/netdevice.h:3136 [inline] lapbeth_data_transmit+0x1c4/0x298 drivers/net/wan/lapbether.c:257 lapb_data_transmit+0x8c/0xb0 net/lapb/lapb_iface.c:447 lapb_transmit_buffer+0x178/0x204 net/lapb/lapb_out.c:149 lapb_send_control+0x220/0x320 net/lapb/lapb_subr.c:251 __lapb_disconnect_request+0x9c/0x17c net/lapb/lapb_iface.c:326 lapb_device_event+0x288/0x4e0 net/lapb/lapb_iface.c:492 notifier_call_chain+0x1a4/0x510 kernel/notifier.c:93 raw_notifier_call_chain+0x3c/0x50 kernel/notifier.c:461 call_netdevice_notifiers_info net/core/dev.c:1970 [inline] call_netdevice_notifiers_extack net/core/dev.c:2008 [inline] call_netdevice_notifiers net/core/dev.c:2022 [inline] __dev_close_many+0x1b8/0x3c4 net/core/dev.c:1508 dev_close_many+0x1e0/0x470 net/core/dev.c:1559 dev_close+0x174/0x250 net/core/dev.c:1585 lapbeth_device_event+0x2e4/0x958 drivers/net/wan/lapbether.c:466 notifier_call_chain+0x1a4/0x510 kernel/notifier.c:93 raw_notifier_call_chain+0x3c/0x50 kernel/notifier.c:461 call_netdevice_notifiers_info net/core/dev.c:1970 [inline] call_netdevice_notifiers_extack net/core/dev.c:2008 [inline] call_netdevice_notifiers net/core/dev.c:2022 [inline] __dev_close_many+0x1b8/0x3c4 net/core/dev.c:1508 dev_close_many+0x1e0/0x470 net/core/dev.c:1559 dev_close+0x174/0x250 net/core/dev.c:1585 bond_enslave+0x2298/0x30cc drivers/net/bonding/bond_main.c:2332 bond_do_ioctl+0x268/0xc64 drivers/net/bonding/bond_main.c:4539 dev_ifsioc+0x754/0x9ac dev_ioctl+0x4d8/0xd34 net/core/dev_ioctl.c:786 sock_do_ioctl+0x1d4/0x2d0 net/socket.c:1217 sock_ioctl+0x4e8/0x834 net/socket.c:1322 vfs_ioctl fs/ioctl.c:51 [inline] __do_ ---truncated---

Severity

No CVSS data available.

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

Assigner

Linux

References

7 references

URL	Tags
https://git.kernel.org/stable/c/b4f0e605a508f6d7c…
https://git.kernel.org/stable/c/396baca6683f415b5…
https://git.kernel.org/stable/c/53064e8239dd2ecfe…
https://git.kernel.org/stable/c/19554aa901b583378…
https://git.kernel.org/stable/c/87c49806a37f88edd…
https://git.kernel.org/stable/c/d98c91215a5748a0f…
https://git.kernel.org/stable/c/3cffa2ddc4d3fcf70…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 872254dd6b1f80cb95ee9e2e22980888533fc293 , < b4f0e605a508f6d7cda6df2f03a0c676b778b1fe (git) Affected: 872254dd6b1f80cb95ee9e2e22980888533fc293 , < 396baca6683f415b5bc2b380289387bef1406edc (git) Affected: 872254dd6b1f80cb95ee9e2e22980888533fc293 , < 53064e8239dd2ecfefc5634e991f1025abc2ee0c (git) Affected: 872254dd6b1f80cb95ee9e2e22980888533fc293 , < 19554aa901b5833787df4417a05ccdebf351b7f4 (git) Affected: 872254dd6b1f80cb95ee9e2e22980888533fc293 , < 87c49806a37f88eddde3f537c162fd0c2834170c (git) Affected: 872254dd6b1f80cb95ee9e2e22980888533fc293 , < d98c91215a5748a0f536e7ccea26027005196859 (git) Affected: 872254dd6b1f80cb95ee9e2e22980888533fc293 , < 3cffa2ddc4d3fcf70cde361236f5a614f81a09b2 (git)
Linux	Linux	Affected: 2.6.24 Unaffected: 0 , < 2.6.24 (semver) Unaffected: 5.4.262 , ≤ 5.4.* (semver) Unaffected: 5.10.202 , ≤ 5.10.* (semver) Unaffected: 5.15.140 , ≤ 5.15.* (semver) Unaffected: 6.1.64 , ≤ 6.1.* (semver) Unaffected: 6.5.13 , ≤ 6.5.* (semver) Unaffected: 6.6.3 , ≤ 6.6.* (semver) Unaffected: 6.7 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52784",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T18:34:45.558216Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:23:37.337Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:11:36.053Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b4f0e605a508f6d7cda6df2f03a0c676b778b1fe"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/396baca6683f415b5bc2b380289387bef1406edc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/53064e8239dd2ecfefc5634e991f1025abc2ee0c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/19554aa901b5833787df4417a05ccdebf351b7f4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/87c49806a37f88eddde3f537c162fd0c2834170c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d98c91215a5748a0f536e7ccea26027005196859"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3cffa2ddc4d3fcf70cde361236f5a614f81a09b2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/bonding/bond_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b4f0e605a508f6d7cda6df2f03a0c676b778b1fe",
              "status": "affected",
              "version": "872254dd6b1f80cb95ee9e2e22980888533fc293",
              "versionType": "git"
            },
            {
              "lessThan": "396baca6683f415b5bc2b380289387bef1406edc",
              "status": "affected",
              "version": "872254dd6b1f80cb95ee9e2e22980888533fc293",
              "versionType": "git"
            },
            {
              "lessThan": "53064e8239dd2ecfefc5634e991f1025abc2ee0c",
              "status": "affected",
              "version": "872254dd6b1f80cb95ee9e2e22980888533fc293",
              "versionType": "git"
            },
            {
              "lessThan": "19554aa901b5833787df4417a05ccdebf351b7f4",
              "status": "affected",
              "version": "872254dd6b1f80cb95ee9e2e22980888533fc293",
              "versionType": "git"
            },
            {
              "lessThan": "87c49806a37f88eddde3f537c162fd0c2834170c",
              "status": "affected",
              "version": "872254dd6b1f80cb95ee9e2e22980888533fc293",
              "versionType": "git"
            },
            {
              "lessThan": "d98c91215a5748a0f536e7ccea26027005196859",
              "status": "affected",
              "version": "872254dd6b1f80cb95ee9e2e22980888533fc293",
              "versionType": "git"
            },
            {
              "lessThan": "3cffa2ddc4d3fcf70cde361236f5a614f81a09b2",
              "status": "affected",
              "version": "872254dd6b1f80cb95ee9e2e22980888533fc293",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/bonding/bond_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.24"
            },
            {
              "lessThan": "2.6.24",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.262",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.202",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.140",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.7",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.262",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.202",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.140",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.64",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.13",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.3",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7",
                  "versionStartIncluding": "2.6.24",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: stop the device in bond_setup_by_slave()\n\nCommit 9eed321cde22 (\"net: lapbether: only support ethernet devices\")\nhas been able to keep syzbot away from net/lapb, until today.\n\nIn the following splat [1], the issue is that a lapbether device has\nbeen created on a bonding device without members. Then adding a non\nARPHRD_ETHER member forced the bonding master to change its type.\n\nThe fix is to make sure we call dev_close() in bond_setup_by_slave()\nso that the potential linked lapbether devices (or any other devices\nhaving assumptions on the physical device) are removed.\n\nA similar bug has been addressed in commit 40baec225765\n(\"bonding: fix panic on non-ARPHRD_ETHER enslave failure\")\n\n[1]\nskbuff: skb_under_panic: text:ffff800089508810 len:44 put:40 head:ffff0000c78e7c00 data:ffff0000c78e7bea tail:0x16 end:0x140 dev:bond0\nkernel BUG at net/core/skbuff.c:192 !\nInternal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\nModules linked in:\nCPU: 0 PID: 6007 Comm: syz-executor383 Not tainted 6.6.0-rc3-syzkaller-gbf6547d8715b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : skb_panic net/core/skbuff.c:188 [inline]\npc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:202\nlr : skb_panic net/core/skbuff.c:188 [inline]\nlr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:202\nsp : ffff800096a06aa0\nx29: ffff800096a06ab0 x28: ffff800096a06ba0 x27: dfff800000000000\nx26: ffff0000ce9b9b50 x25: 0000000000000016 x24: ffff0000c78e7bea\nx23: ffff0000c78e7c00 x22: 000000000000002c x21: 0000000000000140\nx20: 0000000000000028 x19: ffff800089508810 x18: ffff800096a06100\nx17: 0000000000000000 x16: ffff80008a629a3c x15: 0000000000000001\nx14: 1fffe00036837a32 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000201 x10: 0000000000000000 x9 : cb50b496c519aa00\nx8 : cb50b496c519aa00 x7 : 0000000000000001 x6 : 0000000000000001\nx5 : ffff800096a063b8 x4 : ffff80008e280f80 x3 : ffff8000805ad11c\nx2 : 0000000000000001 x1 : 0000000100000201 x0 : 0000000000000086\nCall trace:\nskb_panic net/core/skbuff.c:188 [inline]\nskb_under_panic+0x13c/0x140 net/core/skbuff.c:202\nskb_push+0xf0/0x108 net/core/skbuff.c:2446\nip6gre_header+0xbc/0x738 net/ipv6/ip6_gre.c:1384\ndev_hard_header include/linux/netdevice.h:3136 [inline]\nlapbeth_data_transmit+0x1c4/0x298 drivers/net/wan/lapbether.c:257\nlapb_data_transmit+0x8c/0xb0 net/lapb/lapb_iface.c:447\nlapb_transmit_buffer+0x178/0x204 net/lapb/lapb_out.c:149\nlapb_send_control+0x220/0x320 net/lapb/lapb_subr.c:251\n__lapb_disconnect_request+0x9c/0x17c net/lapb/lapb_iface.c:326\nlapb_device_event+0x288/0x4e0 net/lapb/lapb_iface.c:492\nnotifier_call_chain+0x1a4/0x510 kernel/notifier.c:93\nraw_notifier_call_chain+0x3c/0x50 kernel/notifier.c:461\ncall_netdevice_notifiers_info net/core/dev.c:1970 [inline]\ncall_netdevice_notifiers_extack net/core/dev.c:2008 [inline]\ncall_netdevice_notifiers net/core/dev.c:2022 [inline]\n__dev_close_many+0x1b8/0x3c4 net/core/dev.c:1508\ndev_close_many+0x1e0/0x470 net/core/dev.c:1559\ndev_close+0x174/0x250 net/core/dev.c:1585\nlapbeth_device_event+0x2e4/0x958 drivers/net/wan/lapbether.c:466\nnotifier_call_chain+0x1a4/0x510 kernel/notifier.c:93\nraw_notifier_call_chain+0x3c/0x50 kernel/notifier.c:461\ncall_netdevice_notifiers_info net/core/dev.c:1970 [inline]\ncall_netdevice_notifiers_extack net/core/dev.c:2008 [inline]\ncall_netdevice_notifiers net/core/dev.c:2022 [inline]\n__dev_close_many+0x1b8/0x3c4 net/core/dev.c:1508\ndev_close_many+0x1e0/0x470 net/core/dev.c:1559\ndev_close+0x174/0x250 net/core/dev.c:1585\nbond_enslave+0x2298/0x30cc drivers/net/bonding/bond_main.c:2332\nbond_do_ioctl+0x268/0xc64 drivers/net/bonding/bond_main.c:4539\ndev_ifsioc+0x754/0x9ac\ndev_ioctl+0x4d8/0xd34 net/core/dev_ioctl.c:786\nsock_do_ioctl+0x1d4/0x2d0 net/socket.c:1217\nsock_ioctl+0x4e8/0x834 net/socket.c:1322\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T19:33:05.070Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b4f0e605a508f6d7cda6df2f03a0c676b778b1fe"
        },
        {
          "url": "https://git.kernel.org/stable/c/396baca6683f415b5bc2b380289387bef1406edc"
        },
        {
          "url": "https://git.kernel.org/stable/c/53064e8239dd2ecfefc5634e991f1025abc2ee0c"
        },
        {
          "url": "https://git.kernel.org/stable/c/19554aa901b5833787df4417a05ccdebf351b7f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/87c49806a37f88eddde3f537c162fd0c2834170c"
        },
        {
          "url": "https://git.kernel.org/stable/c/d98c91215a5748a0f536e7ccea26027005196859"
        },
        {
          "url": "https://git.kernel.org/stable/c/3cffa2ddc4d3fcf70cde361236f5a614f81a09b2"
        }
      ],
      "title": "bonding: stop the device in bond_setup_by_slave()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52784",
    "datePublished": "2024-05-21T15:31:02.362Z",
    "dateReserved": "2024-05-21T15:19:24.240Z",
    "dateUpdated": "2026-05-11T19:33:05.070Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2025-15327

CVE-2023-52784 (GCVE-0-2023-52784)

Tags

Sightings

Nomenclature