CVE-2026-31692 | THREATINT

Description

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlink_ns_capable() check for peer netns rtnl_newlink() lacks a CAP_NET_ADMIN capability check on the peer network namespace when creating paired devices (veth, vxcan, netkit). This allows an unprivileged user with a user namespace to create interfaces in arbitrary network namespaces, including init_net. Add a netlink_ns_capable() check for CAP_NET_ADMIN in the peer namespace before allowing device creation to proceed.

PUBLISHED Reserved 2026-03-09 | Published 2026-04-30 | Updated 2026-04-30 | Assigner Linux

Product status

Default status

unaffected

81adee47dfb608df3ad0b91d230fb3cef75f0060 (git) before 0975b64ffb34560042090a5986c3a02e6c80f36f

affected

81adee47dfb608df3ad0b91d230fb3cef75f0060 (git) before d04cc16d3624218a5458b2b664ae431f1b3b334d

affected

81adee47dfb608df3ad0b91d230fb3cef75f0060 (git) before 7b735ef81286007794a227ce2539419479c02a5f

affected

Default status

affected

2.6.33

affected

Any version before 2.6.33

unaffected

6.18.24 (semver)

unaffected

6.19.14 (semver)

unaffected

7.0 (original_commit_for_fix)

unaffected

References

git.kernel.org/...c/0975b64ffb34560042090a5986c3a02e6c80f36f

git.kernel.org/...c/d04cc16d3624218a5458b2b664ae431f1b3b334d

git.kernel.org/...c/7b735ef81286007794a227ce2539419479c02a5f

cve.org (CVE-2026-31692)

nvd.nist.gov (CVE-2026-31692)

Download JSON

help @ threatint.eu