CVE-2026-43103 - Vulnerability Details

- net: lapbether: handle NETDEV_PRE_TYPE_CHANGE

Description

In the Linux kernel, the following vulnerability has been resolved:

net: lapbether: handle NETDEV_PRE_TYPE_CHANGE

lapbeth_data_transmit() expects the underlying device type
to be ARPHRD_ETHER.

Returning NOTIFY_BAD from lapbeth_device_event() makes sure
bonding driver can not break this expectation.

Published: 2026-05-06

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

lapbeth_data_transmit() assumes the underlying device type is ARPHRD_ETHER; if a device of a different type triggers a NETDEV_PRE_TYPE_CHANGE event without proper handling, the function may operate on invalid data, potentially leading to kernel crashes or denial of service. The fix ensures that the bonding driver returns NOTIFY_BAD, preventing the breach of this assumption.

Affected Systems

The flaw is in the Linux kernel’s lapbether networking driver. All distributions shipping a kernel that includes the lapbether code are potentially affected. No specific kernel version numbers are listed, so any system running a kernel before the commit that applies the patch should be treated as vulnerable.

Risk and Exploitability

Because EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog, no exploitation probability or formal severity score is provided. The absence of a CVSS score means the formal severity assessment is unknown, but kernel networking bugs typically pose high risk if successfully exploited. Caution is advised while a patch is applied.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`872254dd6b1f80cb95ee9e2e22980888533fc293`	affected	< 363a38044b8cd5b496d241651a1fb666e7c5fe3e
`872254dd6b1f80cb95ee9e2e22980888533fc293`	affected	< 328bb2cff5c2ed973f595ded769e15f4b7a117be
`872254dd6b1f80cb95ee9e2e22980888533fc293`	affected	< 63851f60781aa89258c8f0952cd13940aab0888e
`872254dd6b1f80cb95ee9e2e22980888533fc293`	affected	< b117056768ab7deb434e7d72065e48d2083a0c2a
`872254dd6b1f80cb95ee9e2e22980888533fc293`	affected	< b120e4432f9f56c7103133d6a11245e617695adb

Linux

affected

Version	Status	Constraints
`2.6.24`	affected	—
`0`	unaffected	< 2.6.24
`6.6.136`	unaffected	≤ 6.6.*
`6.12.83`	unaffected	≤ 6.12.*
`6.18.24`	unaffected	≤ 6.18.*
`6.19.14`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that contains the commit resolving the lapbether device event handling bug.
After upgrading, verify that network bonding devices are correctly configured to use Ethernet (ARPHRD_ETHER) or are running a bonding driver that handles pre‑type‑change events.
Restart networking services or reboot the system to apply the updated kernel and bonding driver changes.

Generated by OpenCVE AI on May 6, 2026 at 11:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/328bb2cff5c2ed973f595ded769e15f4b7a117be
https://git.kernel.org/stable/c/363a38044b8cd5b496d241651a1fb666e7c5fe3e
https://git.kernel.org/stable/c/63851f60781aa89258c8f0952cd13940aab0888e
https://git.kernel.org/stable/c/b117056768ab7deb434e7d72065e48d2083a0c2a
https://git.kernel.org/stable/c/b120e4432f9f56c7103133d6a11245e617695adb

History

Wed, 06 May 2026 12:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-704

Wed, 06 May 2026 09:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: lapbether: handle NETDEV_PRE_TYPE_CHANGE lapbeth_data_transmit() expects the underlying device type to be ARPHRD_ETHER. Returning NOTIFY_BAD from lapbeth_device_event() makes sure bonding driver can not break this expectation.
Title		net: lapbether: handle NETDEV_PRE_TYPE_CHANGE
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/328bb2cff5c2ed973f595ded769e15f4b7a117be https://git.kernel.org/stable/c/363a38044b8cd5b496d241651a1fb666e7c5fe3e https://git.kernel.org/stable/c/63851f60781aa89258c8f0952cd13940aab0888e https://git.kernel.org/stable/c/b117056768ab7deb434e7d72065e48d2083a0c2a https://git.kernel.org/stable/c/b120e4432f9f56c7103133d6a11245e617695adb

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-06T07:40:32.357Z

Updated: 2026-05-06T07:40:32.357Z

Reserved: 2026-05-01T14:12:55.984Z

Link: CVE-2026-43103

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-06T10:16:23.867

Modified: 2026-05-06T10:16:23.867

Link: CVE-2026-43103

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T11:45:03Z

Weaknesses

CWE-704

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object