CVE-2026-43456 is a local privilege escalation vulnerability in the Linux kernel caused by a flaw in the bonding driver that can lead to use-after-free conditions during interface teardown and state transitions. Under the right conditions, a local attacker can leverage the race to obtain root privileges.
You must log in or # to comment.
This is already been fixed in Debian stable with linux-6.12.86-1:
Yup just a PSA to get patched asap
Except it does not actually appear on CISA’s KEV list?
https://www.cisa.gov/known-exploited-vulnerabilities-catalog



