Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-1e8y-b7fa-zyfy
Vulnerability ID VCID-1e8y-b7fa-zyfy
Aliases CVE-2024-46678
Summary In the Linux kernel, the following vulnerability has been resolved: bonding: change ipsec_lock from spin lock to mutex In the cited commit, bond->ipsec_lock is added to protect ipsec_list, hence xdo_dev_state_add and xdo_dev_state_delete are called inside this lock. As ipsec_lock is a spin lock and such xfrmdev ops may sleep, "scheduling while atomic" will be triggered when changing bond's active slave. [ 101.055189] BUG: scheduling while atomic: bash/902/0x00000200 [ 101.055726] Modules linked in: [ 101.058211] CPU: 3 PID: 902 Comm: bash Not tainted 6.9.0-rc4+ #1 [ 101.058760] Hardware name: [ 101.059434] Call Trace: [ 101.059436] <TASK> [ 101.060873] dump_stack_lvl+0x51/0x60 [ 101.061275] __schedule_bug+0x4e/0x60 [ 101.061682] __schedule+0x612/0x7c0 [ 101.062078] ? __mod_timer+0x25c/0x370 [ 101.062486] schedule+0x25/0xd0 [ 101.062845] schedule_timeout+0x77/0xf0 [ 101.063265] ? asm_common_interrupt+0x22/0x40 [ 101.063724] ? __bpf_trace_itimer_state+0x10/0x10 [ 101.064215] __wait_for_common+0x87/0x190 [ 101.064648] ? usleep_range_state+0x90/0x90 [ 101.065091] cmd_exec+0x437/0xb20 [mlx5_core] [ 101.065569] mlx5_cmd_do+0x1e/0x40 [mlx5_core] [ 101.066051] mlx5_cmd_exec+0x18/0x30 [mlx5_core] [ 101.066552] mlx5_crypto_create_dek_key+0xea/0x120 [mlx5_core] [ 101.067163] ? bonding_sysfs_store_option+0x4d/0x80 [bonding] [ 101.067738] ? kmalloc_trace+0x4d/0x350 [ 101.068156] mlx5_ipsec_create_sa_ctx+0x33/0x100 [mlx5_core] [ 101.068747] mlx5e_xfrm_add_state+0x47b/0xaa0 [mlx5_core] [ 101.069312] bond_change_active_slave+0x392/0x900 [bonding] [ 101.069868] bond_option_active_slave_set+0x1c2/0x240 [bonding] [ 101.070454] __bond_opt_set+0xa6/0x430 [bonding] [ 101.070935] __bond_opt_set_notify+0x2f/0x90 [bonding] [ 101.071453] bond_opt_tryset_rtnl+0x72/0xb0 [bonding] [ 101.071965] bonding_sysfs_store_option+0x4d/0x80 [bonding] [ 101.072567] kernfs_fop_write_iter+0x10c/0x1a0 [ 101.073033] vfs_write+0x2d8/0x400 [ 101.073416] ? alloc_fd+0x48/0x180 [ 101.073798] ksys_write+0x5f/0xe0 [ 101.074175] do_syscall_64+0x52/0x110 [ 101.074576] entry_SYSCALL_64_after_hwframe+0x4b/0x53 As bond_ipsec_add_sa_all and bond_ipsec_del_sa_all are only called from bond_change_active_slave, which requires holding the RTNL lock. And bond_ipsec_add_sa and bond_ipsec_del_sa are xfrm state xdo_dev_state_add and xdo_dev_state_delete APIs, which are in user context. So ipsec_lock doesn't have to be spin lock, change it to mutex, and thus the above issue can be resolved.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-46678.json
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-46678
epss 7e-05 https://api.first.org/data/v1/epss?cve=CVE-2024-46678
cvssv3.1 4.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc Track https://git.kernel.org/stable/c/2aeeef906d5a526dc60cf4af92eda69836c39b1f
ssvc Track https://git.kernel.org/stable/c/56354b0a2c24a7828eeed7de4b4dc9652d9affa3
ssvc Track https://git.kernel.org/stable/c/6b598069164ac1bb60996d6ff94e7f9169dbd2d3
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-46678.json
https://api.first.org/data/v1/epss?cve=CVE-2024-46678
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46678
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2312066 https://bugzilla.redhat.com/show_bug.cgi?id=2312066
2aeeef906d5a526dc60cf4af92eda69836c39b1f https://git.kernel.org/stable/c/2aeeef906d5a526dc60cf4af92eda69836c39b1f
56354b0a2c24a7828eeed7de4b4dc9652d9affa3 https://git.kernel.org/stable/c/56354b0a2c24a7828eeed7de4b4dc9652d9affa3
6b598069164ac1bb60996d6ff94e7f9169dbd2d3 https://git.kernel.org/stable/c/6b598069164ac1bb60996d6ff94e7f9169dbd2d3
USN-7154-1 https://usn.ubuntu.com/7154-1/
USN-7154-2 https://usn.ubuntu.com/7154-2/
USN-7155-1 https://usn.ubuntu.com/7155-1/
USN-7156-1 https://usn.ubuntu.com/7156-1/
USN-7196-1 https://usn.ubuntu.com/7196-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-46678.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-29T15:12:41Z/ Found at https://git.kernel.org/stable/c/2aeeef906d5a526dc60cf4af92eda69836c39b1f
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-29T15:12:41Z/ Found at https://git.kernel.org/stable/c/56354b0a2c24a7828eeed7de4b4dc9652d9affa3
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-29T15:12:41Z/ Found at https://git.kernel.org/stable/c/6b598069164ac1bb60996d6ff94e7f9169dbd2d3
Exploit Prediction Scoring System (EPSS)
Percentile 0.00676
EPSS Score 7e-05
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:51:28.020317+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0