CVE-2026-23171
Severity
7.8HIGH
EPSS
0.0%
top 96.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 14
Latest updateApr 13
Description
In the Linux kernel, the following vulnerability has been resolved:
bonding: fix use-after-free due to enslave fail after slave array update
Fix a use-after-free which happens due to enslave failure after the new
slave has been added to the array. Since the new slave can be used for Tx
immediately, we can use it after it has been freed by the enslave error
cleanup path which frees the allocated slave memory. Slave update array is
supposed to be called last when further enslave failures are not…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages3 packages
▶CVEListV5linux/linux9e2ee5c7e7c35d195e2aa0692a7241d47a433d1e — bd25b092a06a3e05f7e8bd6da6fa7318777d8c3d+2
Patches
🔴Vulnerability Details
4VulDB
▶
GHSA▶
GHSA-5r72-p4cv-h344: In the Linux kernel, the following vulnerability has been resolved:
bonding: fix use-after-free due to enslave fail after slave array update
Fix a u↗2026-02-14
OSV▶
CVE-2026-23171: In the Linux kernel, the following vulnerability has been resolved: bonding: fix use-after-free due to enslave fail after slave array update Fix a use↗2026-02-14
📋Vendor Advisories
3🕵️Threat Intelligence
1💬Community
1Bugzilla▶
CVE-2026-23171 kernel: Linux kernel: Use-after-free in bonding module can cause system crash or arbitrary code execution↗2026-02-14