PT-2026-54805 · Linux · Linux Kernel

Published

2026-07-01

·

Updated

2026-07-02

·

CVE-2026-53337

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A NULL pointer dereference exists in the bond do ioctl() function. The issue occurs because the slave dbg() macro is called before the system verifies if the slave dev variable is NULL. When a user provides a non-existent slave interface name through the bonding ioctl interface (such as SIOCBONDENSLAVE or SIOCBONDRELEASE), the slave dbg() macro attempts to access slave dev->name, leading to a kernel oops. This can be triggered by a local user with CAP NET ADMIN capabilities, potentially resulting in a local denial-of-service.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

CVE-2026-53337
ECHO-EBF9-5D5E-F332

Affected Products

Linux Kernel