{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-53337","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-06-09T07:44:35.399Z","datePublished":"2026-07-01T13:32:19.046Z","dateUpdated":"2026-07-01T13:32:19.046Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-07-01T13:32:19.046Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bonding: fix NULL pointer dereference in bond_do_ioctl()\n\nIn bond_do_ioctl(), slave_dev is obtained via __dev_get_by_name() which\ncan return NULL if the requested interface name does not exist. However,\nthe subsequent slave_dbg() call is placed before the NULL check:\n\n    slave_dev = __dev_get_by_name(net, ifr->ifr_slave);\n    slave_dbg(bond_dev, slave_dev, \"slave_dev=%p:\\n\", slave_dev); //here\n    if (!slave_dev)\n        return -ENODEV;\n\nThe slave_dbg() macro expands to netdev_dbg(bond_dev, \"(slave %s): \" fmt,\n(slave_dev)->name, ...) which unconditionally dereferences slave_dev->name\nbefore the NULL check is performed. This results in a NULL pointer\ndereference kernel oops when a user calls bonding ioctl (e.g.\nSIOCBONDENSLAVE, SIOCBONDRELEASE, etc.) with a non-existent slave\ninterface name.\n\nThis is reachable from userspace via the bonding ioctl interface with\nCAP_NET_ADMIN capability, making it a potential local denial-of-service\nvector.\n\nFix by moving the slave_dbg() call after the NULL check."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/bonding/bond_main.c"],"versions":[{"version":"e2a7420df2e01370b40e4cf7b85ab9a885c6d755","lessThan":"1b7558c85493467b2ea20738866b822db6442034","status":"affected","versionType":"git"},{"version":"e2a7420df2e01370b40e4cf7b85ab9a885c6d755","lessThan":"b02b2e3e876c18733b868a29064abd11cdbf8feb","status":"affected","versionType":"git"},{"version":"e2a7420df2e01370b40e4cf7b85ab9a885c6d755","lessThan":"66693957bacd1c9dae6188a7312d6be69a221f2d","status":"affected","versionType":"git"},{"version":"e2a7420df2e01370b40e4cf7b85ab9a885c6d755","lessThan":"a629418d463fb50d132a1aa063b0105857311e5f","status":"affected","versionType":"git"},{"version":"e2a7420df2e01370b40e4cf7b85ab9a885c6d755","lessThan":"c2cfe290fdb1c32a4f4eb2b8ca3f363b305d21ba","status":"affected","versionType":"git"},{"version":"e2a7420df2e01370b40e4cf7b85ab9a885c6d755","lessThan":"bcb8fad90f27300add583a8371db504b766d95c7","status":"affected","versionType":"git"},{"version":"e2a7420df2e01370b40e4cf7b85ab9a885c6d755","lessThan":"b0878106ddc486375084145848ff255dedfff46a","status":"affected","versionType":"git"},{"version":"e2a7420df2e01370b40e4cf7b85ab9a885c6d755","lessThan":"a764b0e8317a863006e05732e1aefe821b9d8c2d","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/bonding/bond_main.c"],"versions":[{"version":"5.3","status":"affected"},{"version":"0","lessThan":"5.3","status":"unaffected","versionType":"semver"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.10.259"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"5.15.210"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.1.176"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.6.143"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.12.94"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"6.18.36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"7.0.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.3","versionEndExcluding":"7.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1b7558c85493467b2ea20738866b822db6442034"},{"url":"https://git.kernel.org/stable/c/b02b2e3e876c18733b868a29064abd11cdbf8feb"},{"url":"https://git.kernel.org/stable/c/66693957bacd1c9dae6188a7312d6be69a221f2d"},{"url":"https://git.kernel.org/stable/c/a629418d463fb50d132a1aa063b0105857311e5f"},{"url":"https://git.kernel.org/stable/c/c2cfe290fdb1c32a4f4eb2b8ca3f363b305d21ba"},{"url":"https://git.kernel.org/stable/c/bcb8fad90f27300add583a8371db504b766d95c7"},{"url":"https://git.kernel.org/stable/c/b0878106ddc486375084145848ff255dedfff46a"},{"url":"https://git.kernel.org/stable/c/a764b0e8317a863006e05732e1aefe821b9d8c2d"}],"title":"net: bonding: fix NULL pointer dereference in bond_do_ioctl()","x_generator":{"engine":"bippy-1.2.0"}}}}