CVE-2023-52784: bonding: stop the device in bond_setup_by_slave()

Description

In the Linux kernel, the following vulnerability has been resolved:

bonding: stop the device in bond_setup_by_slave()

Commit 9eed321cde22 ("net: lapbether: only support ethernet devices")
has been able to keep syzbot away from net/lapb, until today.

In the following splat [1], the issue is that a lapbether device has
been created on a bonding device without members. Then adding a non
ARPHRD_ETHER member forced the bonding master to change its type.

The fix is to make sure we call dev_close() in bond_setup_by_slave()
so that the potential linked lapbether devices (or any other devices
having assumptions on the physical device) are removed.

A similar bug has been addressed in commit 40baec225765
("bonding: fix panic on non-ARPHRD_ETHER enslave failure")

[1]
skbuff: skb_under_panic: text:ffff800089508810 len:44 put:40 head:ffff0000c78e7c00 data:ffff0000c78e7bea tail:0x16 end:0x140 dev:bond0
kernel BUG at net/core/skbuff.c:192 !
Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 6007 Comm: syz-executor383 Not tainted 6.6.0-rc3-syzkaller-gbf6547d8715b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023
pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : skb_panic net/core/skbuff.c:188 [inline]
pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:202
lr : skb_panic net/core/skbuff.c:188 [inline]
lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:202
sp : ffff800096a06aa0
x29: ...

Classification

CVE ID: CVE-2023-52784

Affected Products

Vendor: Linux

Product: Linux

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 12.41% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://git.kernel.org/stable/c/b4f0e605a508f6d7cda6df2f03a0c676b778b1fe
https://git.kernel.org/stable/c/396baca6683f415b5bc2b380289387bef1406edc
https://git.kernel.org/stable/c/53064e8239dd2ecfefc5634e991f1025abc2ee0c
https://git.kernel.org/stable/c/19554aa901b5833787df4417a05ccdebf351b7f4
https://git.kernel.org/stable/c/87c49806a37f88eddde3f537c162fd0c2834170c
https://git.kernel.org/stable/c/d98c91215a5748a0f536e7ccea26027005196859
https://git.kernel.org/stable/c/3cffa2ddc4d3fcf70cde361236f5a614f81a09b2

Timeline