Skip to content

Reporting a 19+ Years Hidden Linux Kernel Zero-Day for Google kernelCTF: CVE-2026-43456

7.6 relevance
Score Breakdown
technical depth
9
novelty
9
actionability
4
community
8
strategic
8
personal
7

Scored daily by a customisable AI persona to surface the most relevant engineering leadership news.

Major kernel zero-day disclosure; significant for security and infrastructure.

Security gmo-cybersecurity.com
Reporting a 19+ Years Hidden Linux Kernel Zero-Day for Google kernelCTF: CVE-2026-43456
Summary

A type confusion vulnerability in the Linux kernel's net/bonding subsystem, introduced in 2007 and fixed in March 2026, remained exploitable for over 19 years. Assigned CVE-2026-43456, it allows unprivileged users with CAP_NET_ADMIN to achieve reliable privilege escalation within one second at over 99% success rate. The discoverers earned over $80,000 from Google's kernelCTF bug bounty for reporting the flaw, which affects kernels from 2.6.24 through 6.12.77.

Author

ierae_koike

More from ierae_koike →