{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-23451","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-01-13T15:37:46.020Z","datePublished":"2026-04-03T15:15:33.776Z","dateUpdated":"2026-05-11T22:07:14.777Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:07:14.777Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: prevent potential infinite loop in bond_header_parse()\n\nbond_header_parse() can loop if a stack of two bonding devices is setup,\nbecause skb->dev always points to the hierarchy top.\n\nAdd new \"const struct net_device *dev\" parameter to\n(struct header_ops)->parse() method to make sure the recursion\nis bounded, and that the final leaf parse method is called."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH"}}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/firewire/net.c","drivers/net/bonding/bond_main.c","include/linux/etherdevice.h","include/linux/if_ether.h","include/linux/netdevice.h","net/ethernet/eth.c","net/ipv4/ip_gre.c","net/mac802154/iface.c","net/phonet/af_phonet.c"],"versions":[{"version":"9baf26a91565b7bb2b1d9f99aaf884a2b28c2f6d","lessThan":"946bb6cacf0ccada7bc80f1cfa07c1ed79511c1c","status":"affected","versionType":"git"},{"version":"6ac890f1d60ac3707ee8dae15a67d9a833e49956","lessThan":"4172a7901cf43fe1cc63ef7a2ef33735ff7b7d13","status":"affected","versionType":"git"},{"version":"95597d11dc8bddb2b9a051c9232000bfbb5e43ba","lessThan":"9b49c854f14f5e2d493e562a1e28d2e57fe37371","status":"affected","versionType":"git"},{"version":"950803f7254721c1c15858fbbfae3deaaeeecb11","lessThan":"b7405dcf7385445e10821777143f18c3ce20fa04","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/firewire/net.c","drivers/net/bonding/bond_main.c","include/linux/etherdevice.h","include/linux/if_ether.h","include/linux/netdevice.h","net/ethernet/eth.c","net/ipv4/ip_gre.c","net/mac802154/iface.c","net/phonet/af_phonet.c"],"versions":[{"version":"6.18.19","lessThan":"6.18.20","status":"affected","versionType":"semver"},{"version":"6.19.9","lessThan":"6.19.10","status":"affected","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.18.19","versionEndExcluding":"6.18.20"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19.9","versionEndExcluding":"6.19.10"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/946bb6cacf0ccada7bc80f1cfa07c1ed79511c1c"},{"url":"https://git.kernel.org/stable/c/4172a7901cf43fe1cc63ef7a2ef33735ff7b7d13"},{"url":"https://git.kernel.org/stable/c/9b49c854f14f5e2d493e562a1e28d2e57fe37371"},{"url":"https://git.kernel.org/stable/c/b7405dcf7385445e10821777143f18c3ce20fa04"}],"title":"bonding: prevent potential infinite loop in bond_header_parse()","x_generator":{"engine":"bippy-1.2.0"}}}}