CVE-2026-23451
Published: 03 April 2026
Summary
CVE-2026-23451 is a high-severity infinite loop (CWE-835) vulnerability in the Linux kernel. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). It ranks at the 19.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-5 (Denial-of-service Protection).
Deeper analysis
CVE-2026-23451 is a vulnerability in the Linux kernel's bonding driver that can lead to an infinite loop in the bond_header_parse() function. The issue arises when a stack of two bonding devices is configured: skb->dev always points to the top of the hierarchy, so the recursion performed during header parsing never reaches a terminating leaf device. This affects Linux kernel builds that use the bonding module for network interface aggregation.
The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating it is exploitable over the network with low complexity by unauthenticated attackers without user interaction. An attacker can send crafted packets to a vulnerable interface with stacked bonding devices, triggering the infinite loop and causing a denial of service through resource exhaustion, such as high CPU usage.
Mitigation is provided through kernel patches available in stable releases, as detailed in the referenced commits. These patches add a new "const struct net_device *dev" parameter to the (struct header_ops)->parse() method, so that each level of the stack parses on behalf of the device actually handed to it; this bounds the recursion and ensures the final leaf parse method is invoked correctly. Security practitioners should apply these updates to systems using bonding with stacked configurations.
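To make the mechanism concrete, the following is an added, self-contained C model (not kernel code and not the upstream patch) of a three-level stack, bond0 over bond1 over eth0, with constructed device names. It contrasts a parse hook that resolves the bonding device from skb->dev, which never changes and so re-enters the same level forever, with one that receives the device explicitly and therefore descends one level per call until the leaf hook returns; the depth guard exists only so the demo terminates.

```c
/* Added illustration, not kernel code: a constructed three-level stack
 * (bond0 over bond1 over eth0) and two shapes of header_ops->parse(). */
#include <stddef.h>

struct net_device;
struct sk_buff { const struct net_device *dev; };   /* always the stack top */
struct header_ops {
    /* original shape: only skb is available, so a bond must use skb->dev */
    int (*parse_old)(const struct sk_buff *skb, int depth);
    /* fixed shape: the device whose hook is running is passed explicitly */
    int (*parse_new)(const struct sk_buff *skb, const struct net_device *dev);
};
struct net_device {
    const char *name;
    const struct header_ops *header_ops;
    const struct net_device *slave;   /* enslaved device; NULL for a leaf */
};

#define MAX_DEPTH 16   /* guard so the demo returns instead of spinning */

/* Leaf hooks (e.g. Ethernet); a real one would parse the MAC header */
static int leaf_old(const struct sk_buff *s, int d) { (void)s; (void)d; return 14; }
static int leaf_new(const struct sk_buff *s, const struct net_device *d)
{ (void)s; (void)d; return 14; }

/* Unbounded: resolves the bond from skb->dev, which never changes */
static int bond_old(const struct sk_buff *skb, int depth)
{
    if (depth >= MAX_DEPTH) return -1;               /* would loop forever */
    const struct net_device *slave = skb->dev->slave;
    return slave->header_ops->parse_old(skb, depth + 1);
}

/* Bounded: resolves the bond from dev, so each step moves down one level */
static int bond_new(const struct sk_buff *skb, const struct net_device *dev)
{
    const struct net_device *slave = dev->slave;
    return slave->header_ops->parse_new(skb, slave);
}

static const struct header_ops leaf_ops = { leaf_old, leaf_new };
static const struct header_ops bond_ops = { bond_old, bond_new };
static const struct net_device eth0  = { "eth0",  &leaf_ops, NULL };
static const struct net_device bond1 = { "bond1", &bond_ops, &eth0 };
static const struct net_device bond0 = { "bond0", &bond_ops, &bond1 };

/* Returns -1: bond1's hook re-resolves bond0 via skb->dev and never descends */
int parse_via_skb_dev(void) { struct sk_buff skb = { &bond0 }; return bond_old(&skb, 0); }
/* Returns 14: bond0 -> bond1 -> eth0, the leaf hook is reached */
int parse_via_dev_arg(void) { struct sk_buff skb = { &bond0 }; return bond_new(&skb, &bond0); }
```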
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-18702
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved: bonding: prevent potential infinite loop in bond_header_parse(). bond_header_parse() can loop if a stack of two bonding devices is setup, because skb->dev always points to the hierarchy top. Add new "const struct net_device *dev" parameter to (struct header_ops)->parse() method to make sure the recursion is bounded, and that the final leaf parse method is called.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Infinite loop DoS triggered by crafted network packets directly matches application/system exploitation for endpoint denial of service.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly addresses the CVE by requiring identification, reporting, and timely correction of the Linux kernel bonding driver flaw through application of available stable patches.
- SC-5 (Denial-of-service Protection): Mitigates the denial-of-service impact from crafted packets triggering infinite loops in bond_header_parse() by implementing protections against resource exhaustion attacks.
- Facilitates detection of exploitation attempts via monitoring for indicators such as high CPU usage or anomalous network processing on stacked bonding interfaces.