Stack Overflow Vulnerability in Linux Kernel for Bonding Devices with GRE Tunnels
CVE-2026-23276

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
20 March 2026

What is CVE-2026-23276?

A vulnerability in the Linux kernel involves a stack overflow due to the lack of a dedicated recursion limit in certain tunnel transmission functions. When a bonding device operates in broadcast mode and utilizes GRE tap interfaces, infinite recursion can occur when multicast or broadcast traffic routes through the bonding interface. This situation leads to kernel stack overflow and potential system instability. The issue arises from the existing recursion limit being insufficient for tunnel recursion, which demands more stack space per level due to route lookups and full IP output. A new recursion limit has been introduced to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux 745e20f1b626b1be4b100af5d4bf7b3439392f8f < 8a57deeb256069f262957d8012418559ff66c385

Linux 745e20f1b626b1be4b100af5d4bf7b3439392f8f

Linux 745e20f1b626b1be4b100af5d4bf7b3439392f8f < 6f1a9140ecda3baba3d945b9a6155af4268aafc4

References

https://git.kernel.org/stable/c/8a57deeb256069f262957d801...
https://git.kernel.org/stable/c/b56b8d19bd05e2a8338385c77...
https://git.kernel.org/stable/c/6f1a9140ecda3baba3d945b9a...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.