CVE-2026-52909

Source
https://cve.org/CVERecord?id=CVE-2026-52909
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52909.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-52909
Downstream
Related
Published
2026-06-19T14:43:33.214Z
Modified
2026-07-09T21:00:04.507068642Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
ip6_vti: set netns_immutable on the fallback device.
Details

In the Linux kernel, the following vulnerability has been resolved:

ip6vti: set netnsimmutable on the fallback device.

john1988 and Noam Rathaus reported that vti6initnet() does not set the netnsimmutable flag on the per-netns fallback tunnel device (ip6vti0).

Other similar tunnel drivers (like ip6tunnel, sit, ip6gre, and ip_tunnel) correctly set this flag during their fallback device initialization to prevent them from being moved to another network namespace.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/52xxx/CVE-2026-52909.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
61220ab349485d911083d0b7990ccd3db6c63297
Fixed
12acc977838c943636fb01e2f3087d2e4cc3b7cc
Fixed
7f28e3948c59481f8db9c9638e204258d26b4e41
Fixed
12c65e2c7fef507551bd7b52123598a761662c01
Fixed
f4b6b4af7ef0661ac153c6f7eb1030aa8482c1a3
Fixed
c5dbd669db5a426b3025512322e1bf2cdbe14305
Fixed
ecf8904067dcba0dad86ece80874841e60317885
Fixed
dcdce3bc9f08026ff3739ee7339e1bef526fc5f3
Fixed
d289d5307762d1838aaece22c6b6fcad9e8865f9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52909.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.15.0
Fixed
5.10.260
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.211
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.177
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.144
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.95
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.36
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.13

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-52909.json"