Cyber Resilience

CVE-2026-23451

Severity: High · Category: DDoS · Status: Updated

Published: 03 April 2026
Modified: 21 May 2026
KEV Added: not listed
Patch: available
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0006 (19.6th percentile)
Risk Priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-23451 is a high-severity infinite loop (CWE-835) vulnerability in the Linux Kernel (vendor: Linux). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 19.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-5 (Denial-of-service Protection).

Deeper analysis

CVE-2026-23451 is a vulnerability in the Linux kernel's bonding driver that can lead to a potential infinite loop in the bond_header_parse() function. The issue arises when a stack of two bonding devices is configured, as skb->dev consistently points to the top of the hierarchy, preventing proper recursion termination during header parsing. This affects Linux kernel versions utilizing the bonding module for network interface aggregation.

The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating it is exploitable over the network with low complexity by unauthenticated attackers without user interaction. An attacker can send crafted packets to a vulnerable interface with stacked bonding devices, triggering the infinite loop and causing a denial of service through resource exhaustion, such as high CPU usage.

Mitigation is provided through kernel patches available in stable releases, as detailed in the referenced commits. These patches add a new "const struct net_device *dev" parameter to the (struct header_ops)->parse() method, ensuring recursion is bounded and the final leaf parse method is invoked correctly. Security practitioners should apply these updates to systems using bonding with stacked configurations.
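The bug only matters where one bonding device is enslaved to another. As an added example that is not part of the advisory or the kernel project, the following POSIX shell script inventories a host for that stacked-bonding configuration through the bonding driver's sysfs interface; `SYSFS_NET` is an assumed override so the check can also run against a copied sysfs tree.

```shell
#!/bin/sh
# Added example (not from the advisory): find bonding masters whose slaves are
# themselves bonding masters, i.e. the "stack of two bonding devices" that
# CVE-2026-23451 requires. SYSFS_NET defaults to the live sysfs tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# is_bond DEV: true if DEV is a bonding master (has a bonding/ directory)
is_bond() {
    [ -d "$SYSFS_NET/$1/bonding" ]
}

# list_stacked_bonds: prints "upper lower" for every bond whose slave is a bond
list_stacked_bonds() {
    for slaves in "$SYSFS_NET"/*/bonding/slaves; do
        [ -f "$slaves" ] || continue   # unmatched glob or unreadable entry
        upper=$(basename "$(dirname "$(dirname "$slaves")")")
        # the slaves file is a space-separated list of interface names
        for lower in $(cat "$slaves"); do
            if is_bond "$lower"; then
                echo "$upper $lower"
            fi
        done
    done
}

# count_stacked_bonds: number of stacked pairs found (0 means not exposed
# to this particular code path, patching is still required)
count_stacked_bonds() {
    list_stacked_bonds | wc -l | tr -d ' '
}

# report: operator-facing summary, run when the script is executed directly
report() {
    n=$(count_stacked_bonds)
    if [ "$n" = "0" ]; then
        echo "no stacked bonding devices found under $SYSFS_NET"
    else
        echo "$n stacked bonding pair(s) found (upper lower):"
        list_stacked_bonds
    fi
}

report
```

Source the file instead of executing it to reuse `list_stacked_bonds` in a fleet-wide inventory job; a non-zero count marks a host where the denial-of-service path is reachable until the fixed kernel is installed.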

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved: bonding: prevent potential infinite loop in bond_header_parse(). bond_header_parse() can loop if a stack of two bonding devices is set up, because skb->dev always points to the hierarchy top. Add new "const struct net_device *dev" parameter to (struct header_ops)->parse() method to make sure the recursion is bounded, and that the final leaf parse method is called.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Infinite loop DoS triggered by crafted network packets directly matches application/system exploitation for endpoint denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-31448 (same product: Linux Linux Kernel)
CVE-2026-31552 (same product: Linux Linux Kernel)
CVE-2026-23388 (same product: Linux Linux Kernel)
CVE-2026-23242 (same product: Linux Linux Kernel)
CVE-2026-22991 (same product: Linux Linux Kernel)
CVE-2025-21717 (same product: Linux Linux Kernel)
CVE-2026-23459 (same product: Linux Linux Kernel)
CVE-2026-31640 (same product: Linux Linux Kernel)
CVE-2026-31739 (same product: Linux Linux Kernel)
CVE-2024-56772 (same product: Linux Linux Kernel)

Affected Assets

Vendor: linux
Product: linux kernel
Versions: 6.12.78, 6.18.19, 6.19.9, 7.0

Mitigating Controls (NIST 800-53 r5) (AI)

SI-2 Flaw Remediation [prevent]

Directly addresses the CVE by requiring identification, reporting, and timely correction of the Linux kernel bonding driver flaw through application of available stable patches.

SC-5 Denial-of-service Protection [prevent, detect]

Mitigates the denial-of-service impact from crafted packets triggering infinite loops in bond_header_parse() by implementing protections against resource exhaustion attacks.

[detect]

Facilitates detection of exploitation attempts via monitoring for indicators such as high CPU usage or anomalous network processing on stacked bonding interfaces.
