Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-08T00:00:00 kernel: bonding: fix type confusion in bond_setup_by_slave() 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CWE-843

A flaw was found in the Linux kernel's bonding driver. When a non-Ethernet device, such as a Generic Routing Encapsulation (GRE) tunnel, is added to a bond, a type confusion vulnerability occurs. This happens because the bonding driver incorrectly copies network header operations from the slave device, leading to the kernel accessing incorrect data structures. This can result in a kernel crash, causing a denial of service.

Red Hat Enterprise Linux 10 Affected kernel Red Hat Enterprise Linux 6 Out of support scope kernel Red Hat Enterprise Linux 7 Affected kernel Red Hat Enterprise Linux 7 Affected kernel-rt Red Hat Enterprise Linux 8 Affected kernel Red Hat Enterprise Linux 8 Affected kernel-rt Red Hat Enterprise Linux 9 Affected kernel Red Hat Enterprise Linux 9 Affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-43456 https://nvd.nist.gov/vuln/detail/CVE-2026-43456 https://lore.kernel.org/linux-cve-announce/2026050859-CVE-2026-43456-ae60@gregkh/T