You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2024 44989
About this tag
CVE-2024-44989 is a Linux kernel vulnerability in the bonding driver that can cause a null-pointer dereference in the XFRM/IPsec offload path. The issue stems from a race condition during bond interface changes, where the driver may set the internal real_dev pointer to NULL while XFRM callbacks run concurrently. Microsoft's MSRC statement notes that Azure Linux includes the affected open-source library and is potentially impacted, but this is a scoped inventory attestation rather than a guarantee that no other Microsoft product contains the same vulnerable code. Discussions on WindowsForum.com examine the scope of Microsoft's exposure and the technical details of the vulnerability.
Microsoft’s short MSRC wording that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate — but it is a scoped inventory attestation, not a technical guarantee that no other Microsoft product could contain the same vulnerable Linux kernel code. erview...