7.5

CVE-2026-23451

EPSS 0.06%
Veröffentlicht 03.04.2026 15:15:33
Zuletzt bearbeitet 27.04.2026 14:16:33
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

bonding: prevent potential infinite loop in bond_header_parse()

In the Linux kernel, the following vulnerability has been resolved:

bonding: prevent potential infinite loop in bond_header_parse()

bond_header_parse() can loop if a stack of two bonding devices is setup,
because skb->dev always points to the hierarchy top.

Add new "const struct net_device *dev" parameter to
(struct header_ops)->parse() method to make sure the recursion
is bounded, and that the final leaf parse method is called.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

CNA 2 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 9baf26a91565b7bb2b1d9f99aaf884a2b28c2f6d

Version < 946bb6cacf0ccada7bc80f1cfa07c1ed79511c1c

Status affected

Version 6ac890f1d60ac3707ee8dae15a67d9a833e49956

Version < 4172a7901cf43fe1cc63ef7a2ef33735ff7b7d13

Status affected

Version 95597d11dc8bddb2b9a051c9232000bfbb5e43ba

Version < 9b49c854f14f5e2d493e562a1e28d2e57fe37371

Status affected

Version 950803f7254721c1c15858fbbfae3deaaeeecb11

Version < b7405dcf7385445e10821777143f18c3ce20fa04

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version 6.18.19

Version < 6.18.20

Status affected

Version 6.19.9

Version < 6.19.10

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.183

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/946bb6cacf0ccada7bc80f1cfa07c1ed79511c1c

https://git.kernel.org/stable/c/4172a7901cf43fe1cc63ef7a2ef33735ff7b7d13

https://git.kernel.org/stable/c/9b49c854f14f5e2d493e562a1e28d2e57fe37371

https://git.kernel.org/stable/c/b7405dcf7385445e10821777143f18c3ce20fa04

https://nvd.nist.gov/vuln/detail/CVE-2026-23451

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23451

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23451

EUVD