CVE-2026-43103
LAPB over Ethernet Type Change Handling in Linux Kernel
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Linux kernel involves the lapbether network driver. Specifically, the function lapbeth_data_transmit() expects the underlying device type to be ARPHRD_ETHER (Ethernet). The issue was that without proper handling of the NETDEV_PRE_TYPE_CHANGE event, this expectation could be broken. The fix ensures that returning NOTIFY_BAD from lapbeth_device_event() prevents the bonding driver from violating this expectation.
How can this vulnerability impact me? :
If the lapbeth_data_transmit() function's expectation about the device type is broken, it could lead to improper handling of network data transmission in bonded network interfaces. This might cause network communication issues or instability in systems relying on the lapbether driver and bonding functionality.