CVE-2026-23451

HIGH

bonding: prevent potential infinite loop in bond_header_parse()

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: bonding: prevent potential infinite loop in bond_header_parse() bond_header_parse() can loop if a stack of two bonding devices is setup, because skb->dev always points to the hierarchy top. Add new "const struct net_device *dev" parameter to (struct header_ops)->parse() method to make sure the recursion is bounded, and that the final leaf parse method is called.

Scores

CVSS v3 7.5
EPSS 0.0044
EPSS Percentile 35.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-835
Status published
Products (17)
linux/Kernel 6.18.19 - 6.18.20linux
linux/Kernel 6.19.9 - 6.19.10linux
Linux/Linux < 7.0-rc4
Linux/Linux 6.18.19 - 6.18.20
Linux/Linux 6.18.20 - 6.18.*
Linux/Linux 6.19.10 - 6.19.*
Linux/Linux 6.19.9 - 6.19.10
Linux/Linux 6ac890f1d60ac3707ee8dae15a67d9a833e49956 - 4172a7901cf43fe1cc63ef7a2ef33735ff7b7d13
Linux/Linux 7.0-rc4
Linux/Linux 7.0-rc5
... and 7 more
Published Apr 03, 2026
Tracked Since Apr 03, 2026