CVE-2026-23451
HIGH EPSS 35.7%
Published Apr 3, 2026 (3mo ago) · Modified Jun 17, 2026 (2w ago)
7.5 CVSS 3.1
Description
In the Linux kernel, the following vulnerability has been resolved:
bonding: prevent potential infinite loop in bond_header_parse()
bond_header_parse() can loop if a stack of two bonding devices is set up, because skb->dev always points to the hierarchy top.
Add new "const struct net_device *dev" parameter to (struct header_ops)->parse() method to make sure the recursion is bounded, and that the final leaf parse method is called.
CVSS Details
Base Score
Exploitability
Impact
Vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High
Threat Intelligence
EPSS Exploit Probability
35.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-835
Affected Products 7
References 4
- git.kernel.org https://git.kernel.org/stable/c/4172a7901cf43fe1cc63ef7a2ef33735ff7b7d13
- git.kernel.org https://git.kernel.org/stable/c/946bb6cacf0ccada7bc80f1cfa07c1ed79511c1c
- git.kernel.org https://git.kernel.org/stable/c/9b49c854f14f5e2d493e562a1e28d2e57fe37371
- git.kernel.org https://git.kernel.org/stable/c/b7405dcf7385445e10821777143f18c3ce20fa04
Remediation
- git.kernel.org https://git.kernel.org/stable/c/4172a7901cf43fe1cc63ef7a2ef33735ff7b7d13
- git.kernel.org https://git.kernel.org/stable/c/946bb6cacf0ccada7bc80f1cfa07c1ed79511c1c
- git.kernel.org https://git.kernel.org/stable/c/9b49c854f14f5e2d493e562a1e28d2e57fe37371
- git.kernel.org https://git.kernel.org/stable/c/b7405dcf7385445e10821777143f18c3ce20fa04