Skip to main content

Linux EUVDEUVD-2026-18702

| CVE-2026-23451 HIGH
Loop with Unreachable Exit Condition (Infinite Loop) (CWE-835)
2026-04-03 Linux GHSA-j6pc-6q9q-vr74
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
HIGH
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 27, 2026 - 14:22 vuln.today
cvss_changed
CVSS changed
Apr 27, 2026 - 14:22 NVD
7.5 (HIGH)
Patch available
Apr 16, 2026 - 05:29 EUVD
9b49c854f14f5e2d493e562a1e28d2e57fe37371,4172a7901cf43fe1cc63ef7a2ef33735ff7b7d13,946bb6cacf0ccada7bc80f1cfa07c1ed79511c1c
EUVD ID Assigned
Apr 03, 2026 - 15:30 euvd
EUVD-2026-18702
Analysis Generated
Apr 03, 2026 - 15:30 vuln.today
CVE Published
Apr 03, 2026 - 15:15 nvd
N/A

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

bonding: prevent potential infinite loop in bond_header_parse()

bond_header_parse() can loop if a stack of two bonding devices is setup, because skb->dev always points to the hierarchy top.

Add new "const struct net_device *dev" parameter to (struct header_ops)->parse() method to make sure the recursion is bounded, and that the final leaf parse method is called.

AnalysisAI

Infinite loop in Linux kernel bonding device header parsing allows local denial of service when two bonding devices are stacked. The bond_header_parse() function can recurse indefinitely because skb->dev always points to the top of the device hierarchy. The fix adds a bounded recursion parameter to the header_ops parse() method to ensure the leaf parse method is called and prevent endless loops. This vulnerability affects all Linux kernel versions with the vulnerable bonding code and requires local access to trigger.

Technical ContextAI

The Linux kernel networking subsystem implements network device header parsing through the header_ops structure, which defines protocol-specific operations. The bonding driver creates virtual devices that aggregate multiple physical network interfaces. When bonding devices are nested (stacked) in a hierarchy, the socket buffer structure (skb->dev) maintains a pointer to the topmost device in the stack. The vulnerable bond_header_parse() function did not properly terminate recursion when processing nested bond devices, instead repeatedly processing the same top-level device. The fix introduces a new const struct net_device parameter to the parse() callback method signature, allowing the parsing logic to track which device is currently being processed and prevent infinite recursion. This is a kernel API change affecting the header_ops structure defined in linux/netdevice.h.

RemediationAI

Apply the Linux kernel patch by updating to a kernel version that includes the bonding header_ops recursion fix. The upstream patches are available in the Git repository at the following commit hashes: 946bb6cacf0ccada7bc80f1cfa07c1ed79511c1c, 4172a7901cf43fe1cc63ef7a2ef33735ff7b7d13, 9b49c854f14f5e2d493e562a1e28d2e57fe37371, and b7405dcf7385445e10821777143f18c3ce20fa04 in the stable kernel trees (https://git.kernel.org/stable/). For production systems, obtain the patched kernel version from your Linux distribution's kernel security updates, as upstream commits are typically integrated into stable releases and distribution kernels within 1-2 release cycles. If immediate patching is not feasible, restrict the ability for local users without proper authorization to configure bonding device stacks as a temporary mitigation, though this does not fully prevent exploitation by privileged users.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-18702 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy