nsfs: tighten permission checks for ns iteration ioctls_CVE-2026-43403

8.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

In the Linux kernel, the following vulnerability has been resolved:

nsfs: tighten permission checks for ns iteration ioctls

Even privileged services should not necessarily be able to see other
privileged service's namespaces so they can't leak information to each
other. Use may_see_all_namespaces() helper that centralizes this policy
until the nstree adapts.

Basic Information

ID CVE-2026-43403

Source Linux

Published May 8, 2026 at 14:21

Modified May 11, 2026 at 06:34

Affected Product

Vendor Linux

Product Linux

Version a1d220d9dafa8d76ba60a784a1016c3134e6a1e8

Affected Versions Linux Linux a1d220d9dafa8d76ba60a784a1016c3134e6a1e8
Linux Linux a1d220d9dafa8d76ba60a784a1016c3134e6a1e8
Linux Linux a1d220d9dafa8d76ba60a784a1016c3134e6a1e8
Linux Linux a1d220d9dafa8d76ba60a784a1016c3134e6a1e8
Linux Linux 6.12

References

{
    "lastseen": "",
    "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnsfs: tighten permission checks for ns iteration ioctls\n\nEven privileged services should not necessarily be able to see other\nprivileged service's namespaces so they can't leak information to each\nother. Use may_see_all_namespaces() helper that centralizes this policy\nuntil the nstree adapts.",
    "published": "2026-05-08T14:21:44.204Z",
    "modified": "2026-05-11T06:34:11.484Z",
    "type": "cve",
    "title": "nsfs: tighten permission checks for ns iteration ioctls",
    "source": "Linux",
    "references": "https://git.kernel.org/stable/c/3376b345df155ca36d8611857b41ff7d5183fc38\nhttps://git.kernel.org/stable/c/2f3dea284c761c890d676f77d5e55c0c496b4ef4\nhttps://git.kernel.org/stable/c/0ad650e60150eda789deca5e78a6a09d26bf8fc9\nhttps://git.kernel.org/stable/c/e6b899f08066e744f89df16ceb782e06868bd148",
    "id": "CVE-2026-43403",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Linux Linux a1d220d9dafa8d76ba60a784a1016c3134e6a1e8\nLinux Linux a1d220d9dafa8d76ba60a784a1016c3134e6a1e8\nLinux Linux a1d220d9dafa8d76ba60a784a1016c3134e6a1e8\nLinux Linux a1d220d9dafa8d76ba60a784a1016c3134e6a1e8\nLinux Linux 6.12",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Linux",
    "version": "a1d220d9dafa8d76ba60a784a1016c3134e6a1e8",
    "vendor": "Linux",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply