CVE-2026-23276Infinite Loop in Linux

CWE-835Infinite Loop9 documents8 sources
Severity
5.5MEDIUM
No vector
EPSS
0.0%
top 93.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LinuxLinux Kernel
Timeline
PublishedMar 20

Description

In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions (iptunnel_xmit, ip6tunnel_xmit) lack their own recursion limit. When a bond device in broadcast mode has GRE tap interfaces as slaves, and those GRE tunnels route back through the bond, multicast/broadcast traffic triggers infinite recursion between bond_xmit_broadcast() and ip_tunnel_xmit()/ip6_tnl_xmit(), causing kernel stack overflow. The existing

Affected Packages3 packages

Linuxlinux/linux_kernel2.6.376.12.78+2
Debianlinux/linux_kernel< 6.19.10-1
CVEListV5linux/linux745e20f1b626b1be4b100af5d4bf7b3439392f8f834c4f645726a25fd71ea50cdfb5c135f8f95d85+5

🔴Vulnerability Details

4
CVEList
net: add xmit recursion limit to tunnel xmit functions2026-03-20
OSV
CVE-2026-23276: In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions (iptu2026-03-20
OSV
net: add xmit recursion limit to tunnel xmit functions2026-03-20
GHSA
GHSA-89g4-663g-prjh: In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions (ip2026-03-20

📋Vendor Advisories

3
Red Hat
kernel: net: add xmit recursion limit to tunnel xmit functions2026-03-20
Microsoft
net: add xmit recursion limit to tunnel xmit functions2026-03-10
Debian
CVE-2026-23276: linux - In the Linux kernel, the following vulnerability has been resolved: net: add xm...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23276 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-23276 — Infinite Loop in Linux | cvebase