PT-2026-39117 · Linux · Linux Kernel

Published: 2026-05-08 · Updated: 2026-05-15 · CVE-2026-43456

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A type confusion exists in the bonding driver within the bond_setup_by_slave() function. When a non-Ethernet device, such as a GRE tunnel, is enslaved to a bond, the driver directly copies the slave's header operations to the bond device. Consequently, when dev_hard_header() is called on the bond device, functions like ipgre_header() or ip6gre_header() use netdev_priv() to access device-specific private data. This results in the function receiving the bond's private data (struct bonding) instead of the expected slave data (e.g., struct ip_tunnel), leading to the processing of invalid values and subsequent kernel crashes.
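
A userspace C model of the confusion described above, added here as an illustration; it is not kernel code and not the upstream patch. The struct layouts, the values 24 and 1, the run() helper and the bond-owned wrapper callback (one defensive pattern, shown for contrast) are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

struct net_device;
struct header_ops { int (*create)(struct net_device *dev); };
struct net_device {
    const struct header_ops *header_ops;
    unsigned char priv[32];               /* area netdev_priv() hands out */
};
struct ip_tunnel { int hlen; };                           /* slave's private data */
struct bonding   { int mode; struct net_device *slave; }; /* bond's private data  */

static void *netdev_priv(struct net_device *dev) { return dev->priv; }

/* Models ipgre_header(): trusts that dev's private area is a struct ip_tunnel. */
static int tunnel_create(struct net_device *dev) {
    struct ip_tunnel t;
    memcpy(&t, netdev_priv(dev), sizeof t);
    return t.hlen;
}
static const struct header_ops tunnel_ops = { tunnel_create };

/* Bond-owned callback (assumed pattern): resolve the slave, then call the
 * slave's ops with the slave device so it sees its own private data. */
static int bond_create(struct net_device *dev) {
    struct bonding b;
    memcpy(&b, netdev_priv(dev), sizeof b);
    return b.slave->header_ops->create(b.slave);
}
static const struct header_ops bond_ops = { bond_create };

/* Models dev_hard_header(): passes whichever device it was called on. */
static int dev_hard_header(struct net_device *dev) { return dev->header_ops->create(dev); }

/* Constructed setup: GRE-like slave with hlen 24, bond with mode 1.
 * copy_slave_ops != 0 reproduces the direct copy of the slave's header ops. */
static int run(int copy_slave_ops) {
    static struct net_device gre, bond;
    struct ip_tunnel t = { 24 };
    struct bonding b = { 1, &gre };
    memcpy(gre.priv, &t, sizeof t);
    memcpy(bond.priv, &b, sizeof b);
    gre.header_ops = &tunnel_ops;
    bond.header_ops = copy_slave_ops ? gre.header_ops : &bond_ops;
    return dev_hard_header(&bond);
}

int main(void) {
    printf("copied ops: hlen=%d, wrapper ops: hlen=%d\n", run(1), run(0));
    return 0;
}
```

With the copied ops, the tunnel callback reads the bond's mode field as a header length; in the kernel the misread fields are whatever struct bonding happens to hold at those offsets.
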
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2026-43456

Affected Products

Linux Kernel