Local Denial-of-Service Vulnerability in Linux Kernel Networking Feature
CVE-2026-53337
What is CVE-2026-53337?
A NULL pointer dereference in the Linux kernel's bonding ioctl implementation can lead to a local denial-of-service condition. When bond_do_ioctl() retrieves a slave device by interface name using __dev_get_by_name(), it does not correctly handle the case where no device with the requested name exists: the lookup returns NULL, and the kernel can crash when the code then accesses the device's name. The flaw is reachable from userspace by a caller with administrative capabilities and poses a risk in network environments that rely on the bonding feature.
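The pattern described above, modelled in userspace C as an added example; it is not the kernel's bonding code. The device table, the model_* names, the log buffer and the -ENODEV return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MODEL_IFNAMSIZ 16

/* Userspace stand-in for a network device; only the name matters here. */
struct model_dev { char name[MODEL_IFNAMSIZ]; };

/* Constructed sample table standing in for the kernel's device list. */
static struct model_dev model_devs[] = { { "eth0" }, { "eth1" } };

/* Stand-in for a debug log line written by the handlers below. */
char model_log[64];

/* Models the lookup contract: NULL when no device has the given name. */
struct model_dev *model_get_by_name(const char *name)
{
    for (size_t i = 0; i < sizeof(model_devs) / sizeof(model_devs[0]); i++)
        if (strncmp(model_devs[i].name, name, MODEL_IFNAMSIZ) == 0)
            return &model_devs[i];
    return NULL;
}

/* Flawed pattern: reads dev->name without checking the lookup result, so an
 * unknown name dereferences NULL. Kept for contrast; never called here. */
int model_ioctl_unchecked(const char *slave)
{
    struct model_dev *dev = model_get_by_name(slave);
    snprintf(model_log, sizeof(model_log), "slave_dev=%s", dev->name);
    return 0;
}

/* Hardened pattern: reject a missing device before touching any field.
 * Returning -ENODEV is this model's choice of error code (assumption). */
int model_ioctl_checked(const char *slave)
{
    struct model_dev *dev = model_get_by_name(slave);
    if (!dev)
        return -ENODEV;
    snprintf(model_log, sizeof(model_log), "slave_dev=%s", dev->name);
    return 0;
}
```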
Affected Version(s)
Linux e2a7420df2e01370b40e4cf7b85ab9a885c6d755 < 1b7558c85493467b2ea20738866b822db6442034
Linux e2a7420df2e01370b40e4cf7b85ab9a885c6d755
Linux e2a7420df2e01370b40e4cf7b85ab9a885c6d755 < 66693957bacd1c9dae6188a7312d6be69a221f2d