CVE-2026-23451
Infinite Loop Vulnerability in Linux Kernel Bonding Component
Publication date: 2026-04-03
Last updated on: 2026-04-27
Assigner: kernel.org
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's bonding driver, specifically in the bond_header_parse() function. When a stack of two bonding devices is configured, bond_header_parse() can enter an infinite loop because skb->dev always points to the top device in the hierarchy. This causes the function to recurse indefinitely.
The fix involves adding a new parameter to the parse() method of the header_ops structure to ensure that recursion is bounded and that the final leaf parse method is called correctly, preventing the infinite loop.
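The recursion described above, as an added user-space model (not the kernel's code and not part of the original page). The struct layouts, the parse_old/parse_new names, the eth0/bond0/bond1 devices and the MAX_CALLS guard are assumptions made so the old shape terminates in the demo.

```c
#include <stdio.h>
#define MAX_CALLS 8   /* demo guard only, so the model of the old code returns */

struct net_device;
struct sk_buff { const struct net_device *dev; };   /* dev: top of the stack */
struct net_device {
    const char *name;
    const struct net_device *slave;   /* active slave; NULL on a leaf NIC */
    int (*parse_old)(const struct sk_buff *);
    int (*parse_new)(const struct sk_buff *, const struct net_device *);
};
static int calls;   /* bond-level parse() invocations in the current run */

/* Leaf NIC: pretend a 6-byte hardware address was parsed. */
static int leaf_old(const struct sk_buff *skb) { (void)skb; return 6; }
static int leaf_new(const struct sk_buff *skb, const struct net_device *dev)
{ (void)skb; (void)dev; return 6; }

/* Old shape: the bond finds itself through skb->dev, which never changes. */
static int bond_old(const struct sk_buff *skb)
{
    const struct net_device *slave = skb->dev->slave;
    if (++calls > MAX_CALLS) return -1;   /* stands in for "never returns" */
    return (slave && slave->parse_old) ? slave->parse_old(skb) : 0;
}

/* Fixed shape: the device is an explicit parameter and drops one level per call. */
static int bond_new(const struct sk_buff *skb, const struct net_device *dev)
{
    const struct net_device *slave = dev->slave;
    if (++calls > MAX_CALLS) return -1;
    return (slave && slave->parse_new) ? slave->parse_new(skb, slave) : 0;
}

static const struct net_device eth0  = { "eth0",  NULL,   leaf_old, leaf_new };
static const struct net_device bond0 = { "bond0", &eth0,  bond_old, bond_new };
static const struct net_device bond1 = { "bond1", &bond0, bond_old, bond_new };

static int run_old(const struct net_device *top)
{ struct sk_buff skb = { top }; calls = 0; return top->parse_old(&skb); }
static int run_new(const struct net_device *top)
{ struct sk_buff skb = { top }; calls = 0; return top->parse_new(&skb, top); }

int main(void)
{
    printf("old, bond0->eth0:        %d\n", run_old(&bond0));
    printf("old, bond1->bond0->eth0: %d\n", run_old(&bond1));
    printf("new, bond1->bond0->eth0: %d\n", run_new(&bond1));
    return 0;
}
```

A single bond over a NIC parses correctly in both shapes. Only the stacked case trips the guard in the old shape, because the lower bond re-reads the top device from skb->dev and selects itself as the slave again.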
How can this vulnerability impact me?
This vulnerability can cause the Linux kernel to enter an infinite loop when processing network packets on systems using stacked bonding devices. This could lead to system instability, degraded network performance, or denial of service due to the kernel being stuck in the loop.