Skip to main content

Linux Kernel EUVDEUVD-2026-27616

| CVE-2026-43103 MEDIUM
2026-05-06 Linux
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 11, 2026 - 17:37 vuln.today
CVSS changed
May 11, 2026 - 17:37 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 11:31 EUVD
CVE Published
May 06, 2026 - 07:40 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

net: lapbether: handle NETDEV_PRE_TYPE_CHANGE

lapbeth_data_transmit() expects the underlying device type to be ARPHRD_ETHER.

Returning NOTIFY_BAD from lapbeth_device_event() makes sure bonding driver can not break this expectation.

AnalysisAI

Denial of service in Linux kernel lapbether driver allows local authenticated attackers to crash the system by triggering a device type change that violates the ARPHRD_ETHER requirement when transmitting data. The vulnerability exists in the lapbeth_data_transmit() function which assumes the underlying device type remains Ethernet; a local user with low privileges can manipulate the bonding driver to change the device type, causing the kernel to reach an unhandled state and crash. EPSS score of 0.02% indicates low real-world exploitation probability despite the vulnerability being patched across multiple kernel versions.

Technical ContextAI

The lapbether (LAPB over Ethernet) driver is a Linux kernel networking module that implements Link Access Procedure, Balanced (LAPB) protocol transmission over Ethernet devices. The vulnerability resides in the device event handler (lapbeth_device_event()) which receives NETDEV_PRE_TYPE_CHANGE notifications when a network device's type is about to change. The lapbeth_data_transmit() function depends on the underlying device maintaining ARPHRD_ETHER (Ethernet hardware type) to function correctly; without proper validation via NOTIFY_BAD return in the pre-change handler, the bonding driver can alter the device type while lapbether still expects Ethernet, creating a type mismatch. This is a logic error in state validation rather than a memory corruption or injection vulnerability. The root cause is incomplete notification handling for device type transitions.

RemediationAI

Apply kernel patch via vendor-released update to a version containing commit 363a38044b8cd5b496d241651a1fb666e7c5fe3e or later. Stable kernel versions 6.6.136, 6.12.83, 6.18.24, 6.19.14, and 7.0+ contain the fix; users should update to the latest available kernel in their stable series. The patch adds proper NETDEV_PRE_TYPE_CHANGE event handling by returning NOTIFY_BAD, preventing the bonding driver from changing device types on lapbether interfaces. For systems unable to immediately patch, disable the lapbether driver using 'echo blacklist lapbether >> /etc/modprobe.d/blacklist.conf' and reboot - this eliminates exposure but breaks LAPB/X.25 networking if in use. Alternative: if lapbether must remain loaded, avoid using bonding on the underlying Ethernet device carrying LAPB traffic; this prevents the device type change trigger but reduces network flexibility. Kernel rebuild and testing is required for any local patching; use official distribution kernel packages when available.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

EUVD-2026-27616 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy