PT-2026-26581 · Linux · Linux Kernel

Published: 2026-01-01 · Updated: 2026-04-20 · CVE-2026-23276

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel contains a flaw in the tunnel xmit functions (iptunnel_xmit, ip6tunnel_xmit). These functions lack a recursion limit, which can lead to an infinite recursion loop when a bond device in broadcast mode has GRE tap interfaces as slaves. This recursion occurs when multicast/broadcast traffic is routed back through the bond, causing a kernel stack overflow. The issue arises because tunnel recursion involves route lookups and full IP output, consuming significant stack space per level. The vulnerability is triggered when processing traffic through tunnel interfaces, potentially impacting systems using bonding with GRE tunnels. The bond_xmit_broadcast() and ip_tunnel_xmit()/ip6_tnl_xmit() functions are involved in the recursive loop. The existing XMIT_RECURSION_LIMIT is insufficient to prevent the overflow.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2026-23276
ECHO-B37C-57CA-9035
OESA-2026-1862
OESA-2026-1863
OESA-2026-1864
OPENSUSE-SU-2026:20826-1
SUSE-SU-2026:2068-1
SUSE-SU-2026:21841-1
SUSE-SU-2026:21845-1
SUSE-SU-2026:21860-1

Affected Products

Linux Kernel