bonding: prevent potential infinite loop in bond_header_parse()

Description

A vulnerability classified as critical has been found in Linux Kernel up to 6.18.19/6.19.9/7.0-rc3/7.0-rc4. Impacted is the function bond_header_parse. The manipulation leads to infinite loop. This vulnerability is documented as CVE-2026-23451. The attack requires being on the local network. It is recommended to upgrade the affected component.

Affected Products

Vendor	Product	Versions
linux	linux kernel	9baf26a91565b7bb2b1d9f99aaf884a2b28c2f6d, 6ac890f1d60ac3707ee8dae15a67d9a833e49956, 95597d11dc8bddb2b9a051c9232000bfbb5e43ba, 950803f7254721c1c15858fbbfae3deaaeeecb11, 7.0-rc4, 6.18.19, 6.19.9, 7.0-rc3

References

Related News (2 articles)

Tier C

VulDB8h ago

CVE-2026-23451 | Linux Kernel up to 6.18.19/6.19.9/7.0-rc3/7.0-rc4 bond_header_parse infinite loop

→ No new info (linked only)

Tier C

Linux Kernel CVEs9h ago

CVE-2026-23451: bonding: prevent potential infinite loop in bond_header_parse()

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

Patch available

946bb6cacf0ccada7bc80f1cfa07c1ed79511c1c4172a7901cf43fe1cc63ef7a2ef33735ff7b7d139b49c854f14f5e2d493e562a1e28d2e57fe37371b7405dcf7385445e10821777143f18c3ce20fa0406.18.206.19.107.0-rc5

PublishedApr 3, 2026

Last enriched8h agov2

Trending Score59

Source articles2

Independent2

Info Completeness7/14

Missing: cvss, epss, cwe, kev, exploit, iocs, mitre_attack