CVE-2026-43456

A flaw was found in the Linux kernel's bonding driver. When a non-Ethernet device, such as a Generic Routing Encapsulation GRE tunnel, is added to a bond, a type confusion vulnerability occurs. This happens because the bonding driver incorrectly copies network header operations from the slave...

CVE-2026-31419

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix use-after-free in bondxmitbroadcast bondxmitbroadcast reuses the original skb for the last slave determined by bondislastslave and clones it for others. Concurrent slave enslave/release can mutate the slave list...

Linux Distros Unpatched Vulnerability : CVE-2024-39296

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bonding: fix oops during rmmod rmmod bonding causes an oops ever since commit cc317ea3d927...

CVE-2023-53103

In the Linux kernel, the following vulnerability has been resolved: bonding: restore bond's IFFSLAVE flag if a non-eth dev enslave fails syzbot reported a warning1 where the bond device itself is a slave and we try to enslave a non-ethernet device as the first slave which fails but then in the...

SUSE CVE-2024-46678

In the Linux kernel, the following vulnerability has been resolved: bonding: change ipseclock from spin lock to mutex In the cited commit, bond-ipseclock is added to protect ipseclist, hence xdodevstateadd and xdodevstatedelete are called inside this lock. As ipseclock is a spin lock and such...