High severity7.5NVD Advisory· Published Apr 3, 2026· Updated May 21, 2026
CVE-2026-23451
CVE-2026-23451
Description
In the Linux kernel, the following vulnerability has been resolved:
bonding: prevent potential infinite loop in bond_header_parse()
bond_header_parse() can loop if a stack of two bonding devices is setup, because skb->dev always points to the hierarchy top.
Add new "const struct net_device *dev" parameter to (struct header_ops)->parse() method to make sure the recursion is bounded, and that the final leaf parse method is called.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8cpe:2.3:o:linux:linux_kernel:6.12.78:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:o:linux:linux_kernel:6.12.78:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.18.19:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:6.19.9:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- (no CPE)
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.