Volerion logoVolerion
Volerion logoVolerion

Linux Kernel LAPB Ethernet Device Type Change Handling Vulnerability

Vulnerability

A vulnerability in the Linux kernel's LAPB Ethernet handling has been addressed. The issue arose because the 'lapbeth_data_transmit' function required the underlying device type to be Ethernet, but this expectation could be violated. The bonding driver was allowed to enslave non-Ethernet devices, potentially leading to issues. The vulnerability has been fixed by ensuring that the bonding driver cannot disrupt this requirement.

Impact

The vulnerability could have allowed the bonding driver to improperly manage non-Ethernet devices, potentially leading to network communication issues.

Reproduction

The vulnerability could be reproduced by using the bonding driver to enslave a non-Ethernet device, which would violate the expectation of the 'lapbeth_data_transmit' function regarding the device type.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: May 6, 2026, 10:41 AM
Updated: May 6, 2026, 10:41 AM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
0.6
exploitability
4.3
remediation
7.7
relevance
7.7
threat
4.8
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.