CVE-2026-43456

A flaw was found in the Linux kernel's bonding driver. When a non-Ethernet device, such as a Generic Routing Encapsulation GRE tunnel, is added to a bond, a type confusion vulnerability occurs. This happens because the bonding driver incorrectly copies network header operations from the slave...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Bonding: A buffer overflow issue was fixed in the bondoptionarpiptargetsset function. In this function, if newval-string is an empty string, newval-string+1 will point to the byte after the string, leading to a buffer overflow an...

CVE-2026-31546 net: bonding: fix NULL deref in bond_debug_rlb_hash_show

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL deref in bonddebugrlbhashshow rlbclearslave intentionally keeps RLB hash-table entries on the rxhashtblusedhead list with slave set to NULL when no replacement slave is available. However,...

CVE-2026-31419

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix use-after-free in bondxmitbroadcast bondxmitbroadcast reuses the original skb for the last slave determined by bondislastslave and clones it for others. Concurrent slave enslave/release can mutate the slave list...

CVE-2026-23212 bonding: annotate data-races around slave->last_rx

In the Linux kernel, the following vulnerability has been resolved: bonding: annotate data-races around slave-lastrx slave-lastrx and slave-targetlastarprx... can be read and written locklessly. Add READONCE and WRITEONCE annotations. syzbot reported: BUG: KCSAN: data-race in bondrcvvalidate /...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989888)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989888 advisory. In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bondsetupbyslave Commit 9eed321cde22 net: lapbether: only support...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-385733)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-385733 advisory. In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bondipsecoffloadok We must check if there is an active slave...

Linux Distros Unpatched Vulnerability : CVE-2024-39296

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bonding: fix oops during rmmod rmmod bonding causes an oops ever since commit cc317ea3d927...

CVE-2023-53103

In the Linux kernel, the following vulnerability has been resolved: bonding: restore bond's IFFSLAVE flag if a non-eth dev enslave fails syzbot reported a warning1 where the bond device itself is a slave and we try to enslave a non-ethernet device as the first slave which fails but then in the...

kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok

In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bondipsecoffloadok We must check if there is an active slave before dereferencing the pointer...

SUSE CVE-2024-46678

In the Linux kernel, the following vulnerability has been resolved: bonding: change ipseclock from spin lock to mutex In the cited commit, bond-ipseclock is added to protect ipseclist, hence xdodevstateadd and xdodevstatedelete are called inside this lock. As ipseclock is a spin lock and such...

UBUNTU-CVE-2024-44990

In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bondipsecoffloadok We must check if there is an active slave before dereferencing the pointer...