CVE-2026-23310

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw in the bonding driver where changes to the xmit hash policy to vlan+srcmac are not properly restricted when an XDP program is loaded. Specifically, the bond option xmit hash policy set() function lacks a guard present in bond xdp check() and bond option mode set(). This allows a user to change the xmit hash policy to vlan+srcmac while an XDP program is active, leading to a warning and potential issues when the bond is destroyed, specifically within the dev xdp uninstall() function and bond xdp set(). The issue arises because the bond xdp check() function returns false for 802.3ad and balance-xor modes when the xmit hash policy is vlan+srcmac, but this check is not applied when modifying the policy after XDP is loaded. The vulnerable function is bond option xmit hash policy set().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.