Impact
A NULL pointer dereference in the Linux kernel bonding driver occurs when bond_do_ioctl() calls a debug routine on a slave device pointer before verifying that the pointer is non‑NULL. This unguarded dereference results in a kernel oops and a crash that can be triggered by any user space process that has CAP_NET_ADMIN capability. The flaw exemplifies a classic null‑pointer dereference weakness (CWE‑476) and causes a local denial‑of‑service by bringing down the kernel.
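The ordering problem described above, as an added user-space model (not the kernel's bonding code and not the upstream patch): all struct, enum and function names are hypothetical, the device table is constructed sample data, and the corrected ordering is the fix implied by the description rather than one quoted from the page.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Simplified user-space model; every name here is hypothetical. */
struct net_dev { const char *name; int enslaved; };
enum bond_cmd { CMD_ENSLAVE, CMD_RELEASE };  /* stand-ins for the two ioctl commands */
static struct net_dev devices[] = { {"eth0", 0}, {"eth1", 0} };  /* constructed table */

/* Returns NULL when no interface has that name, like a by-name device lookup. */
static struct net_dev *find_dev(const char *name)
{
    for (size_t i = 0; i < sizeof(devices) / sizeof(devices[0]); i++)
        if (strcmp(devices[i].name, name) == 0)
            return &devices[i];
    return NULL;
}

static int apply(struct net_dev *slave, enum bond_cmd cmd)
{
    switch (cmd) {
    case CMD_ENSLAVE: slave->enslaved = 1; return 0;
    case CMD_RELEASE: slave->enslaved = 0; return 0;
    }
    return -EINVAL;
}

/* Flawed order: the debug message reads slave->name before the NULL check. */
int bond_ioctl_flawed(const char *slave_name, enum bond_cmd cmd)
{
    struct net_dev *slave = find_dev(slave_name);
    fprintf(stderr, "debug: slave_dev=%s\n", slave->name);  /* NULL deref on failed lookup */
    if (!slave)
        return -ENODEV;
    return apply(slave, cmd);
}

/* Corrected order: reject the failed lookup first, then log and act. */
int bond_ioctl_checked(const char *slave_name, enum bond_cmd cmd)
{
    struct net_dev *slave = find_dev(slave_name);
    if (!slave)
        return -ENODEV;
    fprintf(stderr, "debug: slave_dev=%s\n", slave->name);
    return apply(slave, cmd);
}
```

In the kernel the equivalent of the flawed dereference is an oops rather than a process fault, which is why the check has to precede any use of the pointer, including logging.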
Affected Systems
All Linux kernel builds that include the generic bonding driver and expose the bonding ioctl interface are potentially vulnerable; no specific release or patch level is specified. The impact applies to all users of the bonding feature regardless of the particular distribution or kernel configuration.
Risk and Exploitability
The vulnerability is reachable locally from user space by invoking bonding ioctl commands such as SIOCBONDENSLAVE or SIOCBONDRELEASE with a non‑existent slave interface name. An attacker must hold the CAP_NET_ADMIN capability to issue these commands, so the attack vector is local and privileged. While the EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, the severity of a kernel crash means that, once triggered, the DoS effect is immediate and complete. The risk is therefore moderate to high for systems that expose the bonding ioctl interface and allow trusted users to manipulate bonding interfaces. The likely attack path involves a local administrator or a compromised privileged process. Since no remote code execution is possible, the impact remains confined to local denial of service.