CVE-2024-39296

Severity CVSS v4.0: Pending analysis
Type: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Publication date: 25/06/2024
Last modified: 17/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

bonding: fix oops during rmmod

"rmmod bonding" causes an oops ever since commit cc317ea3d927 ("bonding:
remove redundant NULL check in debugfs function"). Here are the relevant
functions being called:

    bonding_exit()
    bond_destroy_debugfs()
    debugfs_remove_recursive(bonding_debug_root);
    bonding_debug_root = NULL; OOPS

However, reverting the bad commit does not solve the problem completely
because the original code contains a race that could cause the same
oops, although it was much less likely to be triggered unintentionally:

CPU1
    rmmod bonding
    bonding_exit()
    bond_destroy_debugfs()
    debugfs_remove_recursive(bonding_debug_root);

CPU2
    echo -bond0 > /sys/class/net/bonding_masters
    bond_uninit()
    bond_debug_unregister()
    if (!bonding_debug_root)

CPU1
    bonding_debug_root = NULL;

So do NOT revert the bad commit (since the removed checks were racy
anyway), and instead change the order of actions taken during module
removal. The same oops can also happen if there is an error during
module init, so apply the same fix there.

Vulnerable products and versions

CPE                                            From              Up to
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.6 (including)   6.6.34 (excluding)
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*   6.7 (including)   6.9.5 (excluding)