{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23451", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.020Z", "datePublished": "2026-04-03T15:15:33.776Z", "dateUpdated": "2026-04-03T15:15:33.776Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-04-03T15:15:33.776Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: prevent potential infinite loop in bond_header_parse()\n\nbond_header_parse() can loop if a stack of two bonding devices is setup,\nbecause skb->dev always points to the hierarchy top.\n\nAdd new \"const struct net_device *dev\" parameter to\n(struct header_ops)->parse() method to make sure the recursion\nis bounded, and that the final leaf parse method is called."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firewire/net.c", "drivers/net/bonding/bond_main.c", "include/linux/etherdevice.h", "include/linux/if_ether.h", "include/linux/netdevice.h", "net/ethernet/eth.c", "net/ipv4/ip_gre.c", "net/mac802154/iface.c", "net/phonet/af_phonet.c"], "versions": [{"version": "9baf26a91565b7bb2b1d9f99aaf884a2b28c2f6d", "lessThan": "946bb6cacf0ccada7bc80f1cfa07c1ed79511c1c", "status": "affected", "versionType": "git"}, {"version": "6ac890f1d60ac3707ee8dae15a67d9a833e49956", "lessThan": "4172a7901cf43fe1cc63ef7a2ef33735ff7b7d13", "status": "affected", "versionType": "git"}, {"version": "95597d11dc8bddb2b9a051c9232000bfbb5e43ba", "lessThan": "9b49c854f14f5e2d493e562a1e28d2e57fe37371", "status": "affected", "versionType": "git"}, {"version": "950803f7254721c1c15858fbbfae3deaaeeecb11", "lessThan": "b7405dcf7385445e10821777143f18c3ce20fa04", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firewire/net.c", "drivers/net/bonding/bond_main.c", "include/linux/etherdevice.h", "include/linux/if_ether.h", "include/linux/netdevice.h", "net/ethernet/eth.c", "net/ipv4/ip_gre.c", "net/mac802154/iface.c", "net/phonet/af_phonet.c"], "versions": [{"version": "7.0-rc4", "status": "affected"}, {"version": "0", "lessThan": "7.0-rc4", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.20", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.10", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0-rc5", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18.19", "versionEndExcluding": "6.18.20"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19.9", "versionEndExcluding": "6.19.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0-rc4", "versionEndExcluding": "7.0-rc5"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/946bb6cacf0ccada7bc80f1cfa07c1ed79511c1c"}, {"url": "https://git.kernel.org/stable/c/4172a7901cf43fe1cc63ef7a2ef33735ff7b7d13"}, {"url": "https://git.kernel.org/stable/c/9b49c854f14f5e2d493e562a1e28d2e57fe37371"}, {"url": "https://git.kernel.org/stable/c/b7405dcf7385445e10821777143f18c3ce20fa04"}], "title": "bonding: prevent potential infinite loop in bond_header_parse()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: prevent potential infinite loop in bond_header_parse()\n\nbond_header_parse() can loop if a stack of two bonding devices is setup,\nbecause skb->dev always points to the hierarchy top.\n\nAdd new \"const struct net_device *dev\" parameter to\n(struct header_ops)->parse() method to make sure the recursion\nis bounded, and that the final leaf parse method is called."}], "id": "CVE-2026-23451", "lastModified": "2026-04-03T16:16:31.460", "metrics": {}, "published": "2026-04-03T16:16:31.460", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4172a7901cf43fe1cc63ef7a2ef33735ff7b7d13"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/946bb6cacf0ccada7bc80f1cfa07c1ed79511c1c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9b49c854f14f5e2d493e562a1e28d2e57fe37371"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b7405dcf7385445e10821777143f18c3ce20fa04"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: bonding: prevent potential infinite loop in bond_header_parse()", "id": "2454803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454803"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-835", "details": ["A flaw was found in the Linux kernel's bonding component. When a specific network configuration involving a stack of two bonding devices is set up, the `bond_header_parse()` function can enter an infinite loop. This vulnerability can lead to a Denial of Service (DoS), making the affected system unresponsive."], "name": "CVE-2026-23451", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23451\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23451\nhttps://lore.kernel.org/linux-cve-announce/2026040316-CVE-2026-23451-1298@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[9baf26a91565b7bb2b1d9f99aaf884a2b28c2f6d,946bb6cacf0ccada7bc80f1cfa07c1ed79511c1c)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[6ac890f1d60ac3707ee8dae15a67d9a833e49956,4172a7901cf43fe1cc63ef7a2ef33735ff7b7d13)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[95597d11dc8bddb2b9a051c9232000bfbb5e43ba,9b49c854f14f5e2d493e562a1e28d2e57fe37371)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[950803f7254721c1c15858fbbfae3deaaeeecb11,b7405dcf7385445e10821777143f18c3ce20fa04)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.0-rc4"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,7.0-rc4)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.20,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.10,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0-rc5,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-03T18:47:31.898054+00:00", "value": {"mitigation_remediation": ["Update the Linux kernel to a revision that includes the patch identified by commit 4172a7901cf43fe1cc63ef7a2ef33735ff7b7d13 or later.", "Verify the running kernel version with uname -r and compare against the kernel commit history to ensure the fix is present.", "If an immediate kernel upgrade is not feasible, consider disabling or reducing the use of bonded network devices to avoid the unbounded loop condition.", "Continuously monitor kernel security advisories and apply updates as soon as they become available."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "All Linux kernel distributions that contain the bonding driver and do not yet incorporate the commit that adds a bounded parse parameter are affected. The exact version range is not specified in the advisory, so any release before the fix should be considered vulnerable.", "description_and_impact": "A flaw in the Linux kernel bonding subsystem can cause bond_header_parse() to loop indefinitely when a stack of two bonding devices is configured. This unbounded recursion can exhaust kernel resources, potentially leading to a system crash or freeze, and thereby denying service to legitimate users. The vulnerability arises from an unbounded parse recursion, classified under CWE\u2011703, an infinite loop weakness.", "risk_and_exploitability": "The CVSS score and EPSS are not provided, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector would involve sending crafted network packets that trigger the bonding traversal, potentially allowing a local or remote attacker to destabilize the system. While no public exploits are known, the impact of a DoS scenario on critical infrastructure is significant and the oversight warrants prompt patching."}}}}, "created": "2026-04-03T21:13:47.030882+00:00", "updated": "2026-04-03T21:16:01.263893+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-703"]}