CVE-2026-23451 — Infinite Loop in Linux

CWE-835 — Infinite Loop6 documents6 sources

Severity

5.5MEDIUM

No vector

EPSS

0.0%

top 93.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Debian Linux

Timeline

PublishedApr 3

Latest updateApr 6

Description

In the Linux kernel, the following vulnerability has been resolved: bonding: prevent potential infinite loop in bond_header_parse() bond_header_parse() can loop if a stack of two bonding devices is setup, because skb->dev always points to the hierarchy top. Add new "const struct net_device *dev" parameter to (struct header_ops)->parse() method to make sure the recursion is bounded, and that the final leaf parse method is called.

Affected Packages2 packages

▶CVEListV5linux/linux9baf26a91565b7bb2b1d9f99aaf884a2b28c2f6d — 946bb6cacf0ccada7bc80f1cfa07c1ed79511c1c+5

▶debiandebian/linux

🔴Vulnerability Details

OSV

CVE-2026-23451: In the Linux kernel, the following vulnerability has been resolved: bonding: prevent potential infinite loop in bond_header_parse() bond_header_parse(↗2026-04-06

▶

GHSA

GHSA-j6pc-6q9q-vr74: In the Linux kernel, the following vulnerability has been resolved: bonding: prevent potential infinite loop in bond_header_parse() bond_header_pars↗2026-04-03

▶

📋Vendor Advisories

Red Hat

kernel: bonding: prevent potential infinite loop in bond_header_parse()↗2026-04-03

▶

Debian

CVE-2026-23451: linux - In the Linux kernel, the following vulnerability has been resolved: bonding: pr...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-23451 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶