CVE-2026-31692

Published: Apr 30, 2026

Modified: May 11, 2026

PUBLISHED

Description

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlink_ns_capable() check for peer netns rtnl_newlink() lacks a CAP_NET_ADMIN capability check on the peer network namespace when creating paired devices (veth, vxcan, netkit). This allows an unprivileged user with a user namespace to create interfaces in arbitrary network namespaces, including init_net. Add a netlink_ns_capable() check for CAP_NET_ADMIN in the peer namespace before allowing device creation to proceed.

Vendor	Product	Versions
Linux	Linux	affected `81adee47dfb608df3ad0b91d230fb3cef75f0060 - < 0975b64ffb34560042090a5986c3a02e6c80f36f` affected `81adee47dfb608df3ad0b91d230fb3cef75f0060 - < d04cc16d3624218a5458b2b664ae431f1b3b334d` affected `81adee47dfb608df3ad0b91d230fb3cef75f0060 - < 7b735ef81286007794a227ce2539419479c02a5f`
Linux	Linux	affected `2.6.33` unaffected `0 - < 2.6.33` unaffected `6.18.24 - <= 6.18.` unaffected `6.19.14 - <= 6.19.` unaffected `7.0 - <= *`

References

https://git.kernel.org/stable/c/0975b64ffb34560042090a5986c3a02e6c80f36f

https://git.kernel.org/stable/c/d04cc16d3624218a5458b2b664ae431f1b3b334d

https://git.kernel.org/stable/c/7b735ef81286007794a227ce2539419479c02a5f

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-31692

Description

Affected Products

References