๐Ÿ” CVE Alert

CVE-2026-53337

UNKNOWN 0.0

net: bonding: fix NULL pointer dereference in bond_do_ioctl()

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL pointer dereference in bond_do_ioctl() In bond_do_ioctl(), slave_dev is obtained via __dev_get_by_name() which can return NULL if the requested interface name does not exist. However, the subsequent slave_dbg() call is placed before the NULL check: slave_dev = __dev_get_by_name(net, ifr->ifr_slave); slave_dbg(bond_dev, slave_dev, "slave_dev=%p:\n", slave_dev); //here if (!slave_dev) return -ENODEV; The slave_dbg() macro expands to netdev_dbg(bond_dev, "(slave %s): " fmt, (slave_dev)->name, ...) which unconditionally dereferences slave_dev->name before the NULL check is performed. This results in a NULL pointer dereference kernel oops when a user calls bonding ioctl (e.g. SIOCBONDENSLAVE, SIOCBONDRELEASE, etc.) with a non-existent slave interface name. This is reachable from userspace via the bonding ioctl interface with CAP_NET_ADMIN capability, making it a potential local denial-of-service vector. Fix by moving the slave_dbg() call after the NULL check.

Vendor linux
Product linux
Ecosystems
Industries
Technology
Published Jul 1, 2026
Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Linux / Linux
e2a7420df2e01370b40e4cf7b85ab9a885c6d755 < 1b7558c85493467b2ea20738866b822db6442034 e2a7420df2e01370b40e4cf7b85ab9a885c6d755 < b02b2e3e876c18733b868a29064abd11cdbf8feb e2a7420df2e01370b40e4cf7b85ab9a885c6d755 < 66693957bacd1c9dae6188a7312d6be69a221f2d e2a7420df2e01370b40e4cf7b85ab9a885c6d755 < a629418d463fb50d132a1aa063b0105857311e5f e2a7420df2e01370b40e4cf7b85ab9a885c6d755 < c2cfe290fdb1c32a4f4eb2b8ca3f363b305d21ba e2a7420df2e01370b40e4cf7b85ab9a885c6d755 < bcb8fad90f27300add583a8371db504b766d95c7 e2a7420df2e01370b40e4cf7b85ab9a885c6d755 < b0878106ddc486375084145848ff255dedfff46a e2a7420df2e01370b40e4cf7b85ab9a885c6d755 < a764b0e8317a863006e05732e1aefe821b9d8c2d
Linux / Linux
5.3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
git.kernel.org: https://git.kernel.org/stable/c/1b7558c85493467b2ea20738866b822db6442034 git.kernel.org: https://git.kernel.org/stable/c/b02b2e3e876c18733b868a29064abd11cdbf8feb git.kernel.org: https://git.kernel.org/stable/c/66693957bacd1c9dae6188a7312d6be69a221f2d git.kernel.org: https://git.kernel.org/stable/c/a629418d463fb50d132a1aa063b0105857311e5f git.kernel.org: https://git.kernel.org/stable/c/c2cfe290fdb1c32a4f4eb2b8ca3f363b305d21ba git.kernel.org: https://git.kernel.org/stable/c/bcb8fad90f27300add583a8371db504b766d95c7 git.kernel.org: https://git.kernel.org/stable/c/b0878106ddc486375084145848ff255dedfff46a git.kernel.org: https://git.kernel.org/stable/c/a764b0e8317a863006e05732e1aefe821b9d8c2d