{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23119", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:45.969Z", "datePublished": "2026-02-14T15:09:50.517Z", "dateUpdated": "2026-05-11T22:00:29.775Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:00:29.775Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: provide a net pointer to __skb_flow_dissect()\n\nAfter 3cbf4ffba5ee (\"net: plumb network namespace into __skb_flow_dissect\")\nwe have to provide a net pointer to __skb_flow_dissect(),\neither via skb->dev, skb->sk, or a user provided pointer.\n\nIn the following case, syzbot was able to cook a bare skb.\n\nWARNING: net/core/flow_dissector.c:1131 at __skb_flow_dissect+0xb57/0x68b0 net/core/flow_dissector.c:1131, CPU#1: syz.2.1418/11053\nCall Trace:\n <TASK>\n bond_flow_dissect drivers/net/bonding/bond_main.c:4093 [inline]\n __bond_xmit_hash+0x2d7/0xba0 drivers/net/bonding/bond_main.c:4157\n bond_xmit_hash_xdp drivers/net/bonding/bond_main.c:4208 [inline]\n bond_xdp_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5139 [inline]\n bond_xdp_get_xmit_slave+0x1fd/0x710 drivers/net/bonding/bond_main.c:5515\n xdp_master_redirect+0x13f/0x2c0 net/core/filter.c:4388\n bpf_prog_run_xdp include/net/xdp.h:700 [inline]\n bpf_test_run+0x6b2/0x7d0 net/bpf/test_run.c:421\n bpf_prog_test_run_xdp+0x795/0x10e0 net/bpf/test_run.c:1390\n bpf_prog_test_run+0x2c7/0x340 kernel/bpf/syscall.c:4703\n __sys_bpf+0x562/0x860 kernel/bpf/syscall.c:6182\n __do_sys_bpf kernel/bpf/syscall.c:6274 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:6272 [inline]\n __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:6272\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/bonding/bond_main.c"], "versions": [{"version": "58deb77cc52da9360d20676e68dd215742cbe473", "lessThan": "8e53780732ee881394406f79da5263b81eb48f7e", "status": "affected", "versionType": "git"}, {"version": "58deb77cc52da9360d20676e68dd215742cbe473", "lessThan": "3be945abdd228fd00f6afcf8d137002867a4651b", "status": "affected", "versionType": "git"}, {"version": "58deb77cc52da9360d20676e68dd215742cbe473", "lessThan": "f4faaa1297ecf3255a8591fff2633df05bd5ec84", "status": "affected", "versionType": "git"}, {"version": "58deb77cc52da9360d20676e68dd215742cbe473", "lessThan": "0efee0b992f28bd5ee01c7a86ef6a307c42eb907", "status": "affected", "versionType": "git"}, {"version": "58deb77cc52da9360d20676e68dd215742cbe473", "lessThan": "bc3c8d2493c6f4d2038844dc8b7ee93de050f7fa", "status": "affected", "versionType": "git"}, {"version": "58deb77cc52da9360d20676e68dd215742cbe473", "lessThan": "de97735a40a144974bf3896ee4cc0270db2e47db", "status": "affected", "versionType": "git"}, {"version": "58deb77cc52da9360d20676e68dd215742cbe473", "lessThan": "5f9b329096596b7e53e07d041d7fca4cbe1be752", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/bonding/bond_main.c"], "versions": [{"version": "5.5", "status": "affected"}, {"version": "0", "lessThan": "5.5", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.249", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.199", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.162", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.122", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.68", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.8", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.10.249"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "5.15.199"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "6.1.162"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "6.6.122"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "6.12.68"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "6.18.8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.5", "versionEndExcluding": "6.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/8e53780732ee881394406f79da5263b81eb48f7e"}, {"url": "https://git.kernel.org/stable/c/3be945abdd228fd00f6afcf8d137002867a4651b"}, {"url": "https://git.kernel.org/stable/c/f4faaa1297ecf3255a8591fff2633df05bd5ec84"}, {"url": "https://git.kernel.org/stable/c/0efee0b992f28bd5ee01c7a86ef6a307c42eb907"}, {"url": "https://git.kernel.org/stable/c/bc3c8d2493c6f4d2038844dc8b7ee93de050f7fa"}, {"url": "https://git.kernel.org/stable/c/de97735a40a144974bf3896ee4cc0270db2e47db"}, {"url": "https://git.kernel.org/stable/c/5f9b329096596b7e53e07d041d7fca4cbe1be752"}], "title": "bonding: provide a net pointer to __skb_flow_dissect()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8F8CE97-601F-43DD-8822-7399EEB63A13", "versionEndExcluding": "5.10.249", "versionStartIncluding": "5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A247FBA6-BEB9-484F-B892-DD5517949CCD", "versionEndExcluding": "5.15.199", "versionStartIncluding": "5.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "6579E0D4-0641-479D-A4C3-0EF618798C55", "versionEndExcluding": "6.1.162", "versionStartIncluding": "5.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EAAE395-0162-4BAF-9AD5-E9AF3C869C4F", "versionEndExcluding": "6.6.122", "versionStartIncluding": "6.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "52F38E19-0FDD-4992-9D6D-D4169D689598", "versionEndExcluding": "6.12.68", "versionStartIncluding": "6.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E65C6E79-7EBE-4C77-93F0-818CF5B38F4E", "versionEndExcluding": "6.18.8", "versionStartIncluding": "6.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc1:*:*:*:*:*:*", "matchCriteriaId": "17B67AA7-40D6-4AFA-8459-F200F3D7CFD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc2:*:*:*:*:*:*", "matchCriteriaId": "C47E4CC9-C826-4FA9-B014-7FE3D9B318B2", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc3:*:*:*:*:*:*", "matchCriteriaId": "F71D92C0-C023-48BD-B3B6-70B638EEE298", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc4:*:*:*:*:*:*", "matchCriteriaId": "13580667-0A98-40CC-B29F-D12790B91BDB", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc5:*:*:*:*:*:*", "matchCriteriaId": "CAD1FED7-CF48-47BF-AC7D-7B6FA3C065FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:6.19:rc6:*:*:*:*:*:*", "matchCriteriaId": "3EF854A1-ABB1-4E93-BE9A-44569EC76C0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: provide a net pointer to __skb_flow_dissect()\n\nAfter 3cbf4ffba5ee (\"net: plumb network namespace into __skb_flow_dissect\")\nwe have to provide a net pointer to __skb_flow_dissect(),\neither via skb->dev, skb->sk, or a user provided pointer.\n\nIn the following case, syzbot was able to cook a bare skb.\n\nWARNING: net/core/flow_dissector.c:1131 at __skb_flow_dissect+0xb57/0x68b0 net/core/flow_dissector.c:1131, CPU#1: syz.2.1418/11053\nCall Trace:\n <TASK>\n bond_flow_dissect drivers/net/bonding/bond_main.c:4093 [inline]\n __bond_xmit_hash+0x2d7/0xba0 drivers/net/bonding/bond_main.c:4157\n bond_xmit_hash_xdp drivers/net/bonding/bond_main.c:4208 [inline]\n bond_xdp_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5139 [inline]\n bond_xdp_get_xmit_slave+0x1fd/0x710 drivers/net/bonding/bond_main.c:5515\n xdp_master_redirect+0x13f/0x2c0 net/core/filter.c:4388\n bpf_prog_run_xdp include/net/xdp.h:700 [inline]\n bpf_test_run+0x6b2/0x7d0 net/bpf/test_run.c:421\n bpf_prog_test_run_xdp+0x795/0x10e0 net/bpf/test_run.c:1390\n bpf_prog_test_run+0x2c7/0x340 kernel/bpf/syscall.c:4703\n __sys_bpf+0x562/0x860 kernel/bpf/syscall.c:6182\n __do_sys_bpf kernel/bpf/syscall.c:6274 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:6272 [inline]\n __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:6272\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94"}, {"lang": "es", "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nbonding: proporcionar un puntero de red a __skb_flow_dissect()\n\nDespu\u00e9s de 3cbf4ffba5ee ('net: integrar el espacio de nombres de red en __skb_flow_dissect')\ntenemos que proporcionar un puntero de red a __skb_flow_dissect(),\nya sea a trav\u00e9s de skb-&gt;dev, skb-&gt;sk, o un puntero proporcionado por el usuario.\n\nEn el siguiente caso, syzbot pudo 'cocinar' un skb b\u00e1sico.\n\nADVERTENCIA: net/core/flow_dissector.c:1131 en __skb_flow_dissect+0xb57/0x68b0 net/core/flow_dissector.c:1131, CPU#1: syz.2.1418/11053\nTraza de Llamadas:\n \n bond_flow_dissect drivers/net/bonding/bond_main.c:4093 [en l\u00ednea]\n __bond_xmit_hash+0x2d7/0xba0 drivers/net/bonding/bond_main.c:4157\n bond_xmit_hash_xdp drivers/net/bonding/bond_main.c:4208 [en l\u00ednea]\n bond_xdp_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5139 [en l\u00ednea]\n bond_xdp_get_xmit_slave+0x1fd/0x710 drivers/net/bonding/bond_main.c:5515\n xdp_master_redirect+0x13f/0x2c0 net/core/filter.c:4388\n bpf_prog_run_xdp include/net/xdp.h:700 [en l\u00ednea]\n bpf_test_run+0x6b2/0x7d0 net/bpf/test_run.c:421\n bpf_prog_test_run_xdp+0x795/0x10e0 net/bpf/test_run.c:1390\n bpf_prog_test_run+0x2c7/0x340 kernel/bpf/syscall.c:4703\n __sys_bpf+0x562/0x860 kernel/bpf/syscall.c:6182\n __do_sys_bpf kernel/bpf/syscall.c:6274 [en l\u00ednea]\n __se_sys_bpf kernel/bpf/syscall.c:6272 [en l\u00ednea]\n __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:6272\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [en l\u00ednea]\n do_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94"}], "id": "CVE-2026-23119", "lastModified": "2026-03-18T13:39:51.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-14T15:16:07.043", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/0efee0b992f28bd5ee01c7a86ef6a307c42eb907"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/3be945abdd228fd00f6afcf8d137002867a4651b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/5f9b329096596b7e53e07d041d7fca4cbe1be752"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/8e53780732ee881394406f79da5263b81eb48f7e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/bc3c8d2493c6f4d2038844dc8b7ee93de050f7fa"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/de97735a40a144974bf3896ee4cc0270db2e47db"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/f4faaa1297ecf3255a8591fff2633df05bd5ec84"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: bonding: provide a net pointer to __skb_flow_dissect()", "id": "2439873", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439873"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nbonding: provide a net pointer to __skb_flow_dissect()\nAfter 3cbf4ffba5ee (\"net: plumb network namespace into __skb_flow_dissect\")\nwe have to provide a net pointer to __skb_flow_dissect(),\neither via skb->dev, skb->sk, or a user provided pointer.\nIn the following case, syzbot was able to cook a bare skb.\nWARNING: net/core/flow_dissector.c:1131 at __skb_flow_dissect+0xb57/0x68b0 net/core/flow_dissector.c:1131, CPU#1: syz.2.1418/11053\nCall Trace:\n<TASK>\nbond_flow_dissect drivers/net/bonding/bond_main.c:4093 [inline]\n__bond_xmit_hash+0x2d7/0xba0 drivers/net/bonding/bond_main.c:4157\nbond_xmit_hash_xdp drivers/net/bonding/bond_main.c:4208 [inline]\nbond_xdp_xmit_3ad_xor_slave_get drivers/net/bonding/bond_main.c:5139 [inline]\nbond_xdp_get_xmit_slave+0x1fd/0x710 drivers/net/bonding/bond_main.c:5515\nxdp_master_redirect+0x13f/0x2c0 net/core/filter.c:4388\nbpf_prog_run_xdp include/net/xdp.h:700 [inline]\nbpf_test_run+0x6b2/0x7d0 net/bpf/test_run.c:421\nbpf_prog_test_run_xdp+0x795/0x10e0 net/bpf/test_run.c:1390\nbpf_prog_test_run+0x2c7/0x340 kernel/bpf/syscall.c:4703\n__sys_bpf+0x562/0x860 kernel/bpf/syscall.c:6182\n__do_sys_bpf kernel/bpf/syscall.c:6274 [inline]\n__se_sys_bpf kernel/bpf/syscall.c:6272 [inline]\n__x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:6272\ndo_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\ndo_syscall_64+0xec/0xf80 arch/x86/entry/syscall_64.c:94"], "name": "CVE-2026-23119", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-02-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23119\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23119\nhttps://lore.kernel.org/linux-cve-announce/2026021407-CVE-2026-23119-0f44@gregkh/T"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[58deb77cc52da9360d20676e68dd215742cbe473,8e53780732ee881394406f79da5263b81eb48f7e)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[58deb77cc52da9360d20676e68dd215742cbe473,3be945abdd228fd00f6afcf8d137002867a4651b)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[58deb77cc52da9360d20676e68dd215742cbe473,f4faaa1297ecf3255a8591fff2633df05bd5ec84)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[58deb77cc52da9360d20676e68dd215742cbe473,0efee0b992f28bd5ee01c7a86ef6a307c42eb907)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[58deb77cc52da9360d20676e68dd215742cbe473,bc3c8d2493c6f4d2038844dc8b7ee93de050f7fa)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[58deb77cc52da9360d20676e68dd215742cbe473,de97735a40a144974bf3896ee4cc0270db2e47db)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[58deb77cc52da9360d20676e68dd215742cbe473,5f9b329096596b7e53e07d041d7fca4cbe1be752)"}}], "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.5"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,5.5)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.10.249,5.11.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.15.199,5.16.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.162,6.2.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.122,6.7.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.68,6.13.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.8,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.19,*]"}}], "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-17T19:44:08.285540+00:00", "value": {"mitigation_remediation": ["Apply the latest Linux kernel update that includes the fix for commit 0efee0b992f28bd5ee01c7a86ef6a307c42eb907 or newer to eliminate the crash vector.", "Restrict XDP and BPF program execution to trusted users or groups, and do not allow unprivileged processes to load programs that could exploit the bonding driver.", "Monitor kernel logs for \"__skb_flow_dissect\" crashes and configure automatic reboot or crash recovery services to maintain availability during incidents."], "summary": {"action": "Patch", "impact": "Denial of Service via Kernel Crash"}, "threat_synthesis": {"affected_systems": "The flaw affects all Linux kernel versions in the Linux:Linux product line, including the 6.19 release candidates (rc1 through rc6) and any earlier releases that have not applied the fix. Until the kernel is updated to incorporate the commit that resolves the issue, systems that load the bonding driver and process raw packets remain vulnerable.", "description_and_impact": "A flaw in the Linux bonding driver causes it to supply an incorrect or missing network pointer to the __skb_flow_dissect function, which can trigger a null-pointer dereference inside the kernel flow dissector. This results in a kernel panic and a complete denial of service for the affected system. The vulnerability is activated when the bonding driver processes a specially crafted socket buffer that lacks a valid net namespace pointer, leading to a fatal crash. The impact is limited to the kernel space, potentially affecting the confidentiality and integrity of the entire operating system via the crash mechanism.", "risk_and_exploitability": "The CVSS score of 5.5 places the vulnerability in the medium severity tier, and the extremely low EPSS score (<1%) indicates a very small probability of exploitation in the wild. The condition requires a local attacker with the ability to inject malformed socket buffers or deploy malicious BPF/XDP programs that target the bonding driver, which narrows the attack surface. Because the vulnerability leads to a crash, it is not likely to grant arbitrary code execution but does allow an attacker to cause an outage of the system. The absence from the KEV catalog suggests no widespread public exploitation has been observed."}}}}, "created": "2026-02-16T12:01:46.074964+00:00", "updated": "2026-04-17T19:45:25.903543+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-476"]}