CVE-2026-43441

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A NULL pointer dereference occurs in the bonding network driver when the system is booted with the ipv6.disable=1 parameter. In this configuration, nd tbl is not initialized because inet6 init() exits before ndisc init() is called. If bonding ARP/NS validation is enabled, receiving an IPv6 Neighbor Solicitation (NS) or Neighbor Advertisement (NA) packet on a slave interface triggers bond validate na(), which subsequently calls bond has this ip6(). This execution path leads to ipv6 chk addr() and results in a system crash within the ipv6 chk addr and flags() function.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.