Local Denial-of-Service Vulnerability in Linux Kernel Networking Feature
CVE-2026-53337

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 1 July 2026

What is CVE-2026-53337?

A flaw in the Linux kernel's bonding ioctl implementation can cause a local denial of service through a NULL pointer dereference. When bond_do_ioctl() looks up a slave device by interface name using __dev_get_by_name(), it does not correctly handle the case where the requested name does not exist, so the kernel can crash when it accesses the device's name. The flaw is reachable from userspace with administrative capabilities and poses a risk in network environments that rely on the bonding feature.
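The lookup-then-use ordering described above, as an added user-space model that is not kernel source and not the upstream patch. The names model_dev_get_by_name(), model_ioctl_unchecked() and model_ioctl_checked(), the device table, the log line standing in for the access to the device's name, and the -ENODEV return value are all assumptions made for this illustration.

```c
/* User-space model, constructed for illustration; not kernel code. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IFNAMSIZ 16
struct net_device { char name[IFNAMSIZ]; };

/* Constructed sample table standing in for the namespace's device list. */
static struct net_device devices[] = { {"eth0"}, {"eth1"} };

/* Hypothetical stand-in for __dev_get_by_name(): NULL when nothing matches. */
static struct net_device *model_dev_get_by_name(const char *name)
{
    for (size_t i = 0; i < sizeof(devices) / sizeof(devices[0]); i++)
        if (strncmp(devices[i].name, name, IFNAMSIZ) == 0)
            return &devices[i];
    return NULL;
}

/* Flawed ordering: slave->name is read before the result is validated,
 * so an unknown name dereferences NULL. Only safe for names that exist. */
int model_ioctl_unchecked(const char *ifr_slave, char *log, size_t len)
{
    struct net_device *slave = model_dev_get_by_name(ifr_slave);
    snprintf(log, len, "slave_dev=%s", slave->name); /* NULL deref if absent */
    if (!slave)
        return -ENODEV;
    return 0;
}

/* Hardened ordering: validate the lookup result, then touch the device. */
int model_ioctl_checked(const char *ifr_slave, char *log, size_t len)
{
    struct net_device *slave = model_dev_get_by_name(ifr_slave);
    if (!slave) {
        snprintf(log, len, "slave_dev=<none> (%.*s)", IFNAMSIZ - 1, ifr_slave);
        return -ENODEV; /* error code chosen for this model */
    }
    snprintf(log, len, "slave_dev=%s", slave->name);
    return 0;
}

int main(void)
{
    char log[64];
    int rc = model_ioctl_checked("eth9", log, sizeof(log));
    printf("%d %s\n", rc, log); return rc == -ENODEV ? 0 : 1;
}
```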

Affected Version(s)

Linux e2a7420df2e01370b40e4cf7b85ab9a885c6d755 < 1b7558c85493467b2ea20738866b822db6442034

Linux e2a7420df2e01370b40e4cf7b85ab9a885c6d755

Linux e2a7420df2e01370b40e4cf7b85ab9a885c6d755 < 66693957bacd1c9dae6188a7312d6be69a221f2d

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved
