Main Vulnerability Database SB2026040677

SB2026040677 - Infinite loop in Linux kernel phonet

Published: April 6, 2026

Security Bulletin ID SB2026040677

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Infinite loop (CVE-ID: CVE-2026-23451)

The vulnerability allows a local attacker to cause a denial of service.

The vulnerability exists due to an infinite loop in bond_header_parse() when parsing packet headers in a stack of two bonding devices. A local attacker can trigger packet processing in this configuration to cause a denial of service.

The issue occurs because device recursion can remain bounded to the hierarchy top, leading to repeated parsing instead of reaching the final leaf parse method.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/4172a7901cf43fe1cc63ef7a2ef33735ff7b7d13
https://git.kernel.org/stable/c/946bb6cacf0ccada7bc80f1cfa07c1ed79511c1c
https://git.kernel.org/stable/c/9b49c854f14f5e2d493e562a1e28d2e57fe37371
https://git.kernel.org/stable/c/b7405dcf7385445e10821777143f18c3ce20fa04