PatchSiren


CVE-2026-23310 Linux CVE debrief

A logic gap in the Linux kernel's bonding driver allows an incompatible transmit hash policy change while XDP is loaded, leading to a WARN_ON splat during bond teardown. The vulnerability exists because bond_option_xmit_hash_policy_set() lacked the bond_xdp_check() guard present in bond_option_mode_set(). When a user changes xmit_hash_policy to vlan+srcmac after XDP attachment on a bond in 802.3ad or balance-xor mode, subsequent bond destruction triggers dev_xdp_uninstall() → bond_xdp_set() → bond_xdp_check() failure, causing a warning splat. The fix adds the missing guard to reject vlan+srcmac policy changes when XDP is active on affected bond modes.

Vendor: Linux
Product: Unknown
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-25
Original CVE updated: 2026-05-28
Advisory published: 2026-03-25
Advisory updated: 2026-05-28

Who should care

Linux system administrators running bonded network interfaces with XDP programs; security teams monitoring kernel stability; network engineers using 802.3ad or balance-xor bonding modes

Technical summary

The Linux kernel bonding driver's bond_option_xmit_hash_policy_set() function failed to validate XDP program compatibility when changing the transmit hash policy to vlan+srcmac. This allowed a configuration state where bond->xdp_prog remained set but bond_xdp_check() would return false, causing dev_xdp_uninstall() to fail with -EOPNOTSUPP and trigger WARN_ON during bond destruction. The vulnerability affects 802.3ad and balance-xor bonding modes. The fix adds bond_xdp_check() validation to prevent incompatible policy changes while XDP is loaded.

Defensive priority

medium

Recommended defensive actions

  • Apply kernel patches from stable branches (5.15.130+, 6.6.130+, 6.12.77+, 6.18.17+, 6.19.7+) to add the missing bond_xdp_check() guard in bond_option_xmit_hash_policy_set()
  • Monitor kernel logs for WARN_ON messages related to dev_xdp_install on bond interfaces, which may indicate exploitation attempts or existing incompatible configurations
  • Review bond configurations to ensure xmit_hash_policy is not set to vlan+srcmac when XDP programs are loaded on 802.3ad or balance-xor bonds
  • Upgrade to kernel 6.19.7 or later, or 7.0-rc3 or later, which contain the fix
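
An added example, not part of the advisory or the kernel patch: a POSIX shell audit for the configuration review recommended above. It reads each bond's mode and xmit_hash_policy from sysfs and reports bonds that also have an XDP program attached. The link_details helper, the SYSFS_NET variable and the reliance on a "prog/xdp" line in iproute2 output are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the advisory): report bonds sitting in the state
# CVE-2026-23310 describes: XDP attached, mode 802.3ad or balance-xor,
# and xmit_hash_policy vlan+srcmac.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# Hypothetical helper: text of `ip -details link show` for one interface.
# Kept separate so the check can be run against captured output.
link_details() { ip -details link show dev "$1" 2>/dev/null; }

# Print the first word of a bonding sysfs attribute ("802.3ad 4" -> "802.3ad").
bond_attr() {
    [ -r "$SYSFS_NET/$1/bonding/$2" ] || return 1
    read -r val _ < "$SYSFS_NET/$1/bonding/$2" && printf '%s\n' "$val"
}

# Exit status: 0 = incompatible state found, 1 = bond is fine, 2 = not a bond.
check_bond() {
    mode=$(bond_attr "$1" mode) || return 2
    policy=$(bond_attr "$1" xmit_hash_policy) || return 2
    case $mode in
        802.3ad|balance-xor) ;;
        *) return 1 ;;
    esac
    [ "$policy" = "vlan+srcmac" ] || return 1
    # Assumption: iproute2 prints a "prog/xdp" line when a program is attached.
    link_details "$1" | grep -q 'prog/xdp' || return 1
    printf '%s: mode=%s xmit_hash_policy=%s with XDP attached\n' \
        "$1" "$mode" "$policy"
}

# Check every bond under $SYSFS_NET; returns 1 if any finding was printed.
audit_bonds() {
    findings=0
    for dir in "$SYSFS_NET"/*/bonding; do
        [ -d "$dir" ] || continue
        dev=${dir%/bonding}
        if check_bond "${dev##*/}"; then findings=$((findings + 1)); fi
    done
    [ "$findings" -eq 0 ]
}

# Run the audit only when asked, e.g.  sh bond_xdp_audit.sh --run
if [ "${1:-}" = "--run" ]; then audit_bonds; fi
```

A bond reported here should have its XDP program or hash policy reconciled before the bond is torn down; on a patched kernel the policy change is rejected, so the check should come back empty.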

Evidence notes

The vulnerability description and patch references confirm the issue affects Linux kernel bonding driver versions 5.15 through 6.19.7, plus 7.0-rc1 and 7.0-rc2. The fix was committed to multiple stable branches as referenced in the NVD record.
