- cross-posted to:
- linuxsucks
- cross-posted to:
- linuxsucks
CVE-2026-43456 is a local privilege escalation vulnerability in the Linux kernel caused by a flaw in the bonding driver that can lead to use-after-free conditions during interface teardown and state transitions. Under the right conditions, a local attacker can leverage the race to obtain root privileges.



This is already been fixed in Debian stable with linux-6.12.86-1:
https://security-tracker.debian.org/tracker/CVE-2026-43456
Yup just a PSA to get patched asap