{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23451", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-01-13T15:37:46.020Z", "datePublished": "2026-04-03T15:15:33.776Z", "dateUpdated": "2026-05-11T22:07:14.777Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T22:07:14.777Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: prevent potential infinite loop in bond_header_parse()\n\nbond_header_parse() can loop if a stack of two bonding devices is setup,\nbecause skb->dev always points to the hierarchy top.\n\nAdd new \"const struct net_device *dev\" parameter to\n(struct header_ops)->parse() method to make sure the recursion\nis bounded, and that the final leaf parse method is called."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firewire/net.c", "drivers/net/bonding/bond_main.c", "include/linux/etherdevice.h", "include/linux/if_ether.h", "include/linux/netdevice.h", "net/ethernet/eth.c", "net/ipv4/ip_gre.c", "net/mac802154/iface.c", "net/phonet/af_phonet.c"], "versions": [{"version": "9baf26a91565b7bb2b1d9f99aaf884a2b28c2f6d", "lessThan": "946bb6cacf0ccada7bc80f1cfa07c1ed79511c1c", "status": "affected", "versionType": "git"}, {"version": "6ac890f1d60ac3707ee8dae15a67d9a833e49956", "lessThan": "4172a7901cf43fe1cc63ef7a2ef33735ff7b7d13", "status": "affected", "versionType": "git"}, {"version": "95597d11dc8bddb2b9a051c9232000bfbb5e43ba", "lessThan": "9b49c854f14f5e2d493e562a1e28d2e57fe37371", "status": "affected", "versionType": "git"}, {"version": "950803f7254721c1c15858fbbfae3deaaeeecb11", "lessThan": "b7405dcf7385445e10821777143f18c3ce20fa04", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/firewire/net.c", "drivers/net/bonding/bond_main.c", "include/linux/etherdevice.h", "include/linux/if_ether.h", "include/linux/netdevice.h", "net/ethernet/eth.c", "net/ipv4/ip_gre.c", "net/mac802154/iface.c", "net/phonet/af_phonet.c"], "versions": [{"version": "6.18.19", "lessThan": "6.18.20", "status": "affected", "versionType": "semver"}, {"version": "6.19.9", "lessThan": "6.19.10", "status": "affected", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18.19", "versionEndExcluding": "6.18.20"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.19.9", "versionEndExcluding": "6.19.10"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/946bb6cacf0ccada7bc80f1cfa07c1ed79511c1c"}, {"url": "https://git.kernel.org/stable/c/4172a7901cf43fe1cc63ef7a2ef33735ff7b7d13"}, {"url": "https://git.kernel.org/stable/c/9b49c854f14f5e2d493e562a1e28d2e57fe37371"}, {"url": "https://git.kernel.org/stable/c/b7405dcf7385445e10821777143f18c3ce20fa04"}], "title": "bonding: prevent potential infinite loop in bond_header_parse()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: prevent potential infinite loop in bond_header_parse()\n\nbond_header_parse() can loop if a stack of two bonding devices is setup,\nbecause skb->dev always points to the hierarchy top.\n\nAdd new \"const struct net_device *dev\" parameter to\n(struct header_ops)->parse() method to make sure the recursion\nis bounded, and that the final leaf parse method is called."}], "id": "CVE-2026-23451", "lastModified": "2026-04-27T14:16:33.723", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "type": "Secondary"}]}, "published": "2026-04-03T16:16:31.460", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/4172a7901cf43fe1cc63ef7a2ef33735ff7b7d13"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/946bb6cacf0ccada7bc80f1cfa07c1ed79511c1c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/9b49c854f14f5e2d493e562a1e28d2e57fe37371"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b7405dcf7385445e10821777143f18c3ce20fa04"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{"bugzilla": {"description": "kernel: bonding: prevent potential infinite loop in bond_header_parse()", "id": "2454803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454803"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-835", "details": ["A flaw was found in the Linux kernel's bonding component. When a specific network configuration involving a stack of two bonding devices is set up, the `bond_header_parse()` function can enter an infinite loop. This vulnerability can lead to a Denial of Service (DoS), making the affected system unresponsive."], "name": "CVE-2026-23451", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-23451\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-23451\nhttps://lore.kernel.org/linux-cve-announce/2026040316-CVE-2026-23451-1298@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[9baf26a91565b7bb2b1d9f99aaf884a2b28c2f6d,946bb6cacf0ccada7bc80f1cfa07c1ed79511c1c)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[6ac890f1d60ac3707ee8dae15a67d9a833e49956,4172a7901cf43fe1cc63ef7a2ef33735ff7b7d13)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[95597d11dc8bddb2b9a051c9232000bfbb5e43ba,9b49c854f14f5e2d493e562a1e28d2e57fe37371)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[950803f7254721c1c15858fbbfae3deaaeeecb11,b7405dcf7385445e10821777143f18c3ce20fa04)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "7.0-rc4"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[0,7.0-rc4)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.20,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.19.10,6.20.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0-rc5,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "analysis": {"en": {"generated_at": "2026-04-28T08:53:39.659777+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a version that includes the bond_header_parse fix.", "Reconfigure the network to avoid stacking two bonded interfaces until the fix is available.", "Monitor system CPU usage for abnormal spikes that could indicate a looping condition."], "summary": {"action": "Immediate patch", "impact": "Denial of Service via infinite kernel loop"}, "threat_synthesis": {"affected_systems": "All Linux kernel releases that have not yet incorporated the vendor\u2011supplied fix are potentially vulnerable. Any distribution that allows users to stack multiple bonded interfaces\u2014common in enterprise switches, virtualized networking, and advanced routing setups\u2014could experience this issue if the configuration hierarchy includes more than one bonding device.", "description_and_impact": "In the Linux kernel bonding subsystem, a flaw causes the header parsing routine to recurse without bound when a stack of two bonded network interfaces is configured. Because the packet device reference always points to the top of the hierarchy, the parser repeatedly invokes itself without reaching the leaf, potentially leading to an infinite loop inside the kernel. This flaw falls under CWE\u2011835, which concerns infinite loops that can serve as denial\u2011of\u2011service avenues.", "risk_and_exploitability": "With a CVSS score of 7.5 the vulnerability is considered high severity, yet the EPSS score is below 1\u202f%, indicating a low likelihood of exploitation at present. The flaw is not listed in the CISA KEV catalog, suggesting no publicly known exploits. The likely attack vector is an intentional or accidental network configuration that creates a bonded\u2011device stack; an attacker would need the ability to influence or control such a configuration. When triggered, the infinite loop could consume kernel CPU resources, potentially causing a system slowdown or crash, which in turn results in a denial\u2011of\u2011service condition."}}}}, "created": "2026-04-03T21:13:47.030882+00:00", "updated": "2026-04-28T09:00:06.532769+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}