In the Linux kernel, the following vulnerability has been resolved:
bonding: prevent potential infinite loop in bondheaderparse()
bondheaderparse() can loop if a stack of two bonding devices is setup, because skb->dev always points to the hierarchy top.
Add new "const struct netdevice *dev" parameter to (struct headerops)->parse() method to make sure the recursion is bounded, and that the final leaf parse method is called.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23451.json",
"cna_assigner": "Linux"
}