CVE-2026-23451
HIGHbonding: prevent potential infinite loop in bond_header_parse()
Title source: cnaDescription
In the Linux kernel, the following vulnerability has been resolved: bonding: prevent potential infinite loop in bond_header_parse() bond_header_parse() can loop if a stack of two bonding devices is setup, because skb->dev always points to the hierarchy top. Add new "const struct net_device *dev" parameter to (struct header_ops)->parse() method to make sure the recursion is bounded, and that the final leaf parse method is called.
References (4)
Core 4
Core References
Scores
CVSS v3
7.5
EPSS
0.0044
EPSS Percentile
35.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-835
Status
published
Products (17)
linux/Kernel
6.18.19 - 6.18.20linux
linux/Kernel
6.19.9 - 6.19.10linux
Linux/Linux
< 7.0-rc4
Linux/Linux
6.18.19 - 6.18.20
Linux/Linux
6.18.20 - 6.18.*
Linux/Linux
6.19.10 - 6.19.*
Linux/Linux
6.19.9 - 6.19.10
Linux/Linux
6ac890f1d60ac3707ee8dae15a67d9a833e49956 - 4172a7901cf43fe1cc63ef7a2ef33735ff7b7d13
Linux/Linux
7.0-rc4
Linux/Linux
7.0-rc5
... and 7 more
Published
Apr 03, 2026
Tracked Since
Apr 03, 2026