Description
In the Linux kernel, the following vulnerability has been resolved:

rtnetlink: add missing netlink_ns_capable() check for peer netns

rtnl_newlink() lacks a CAP_NET_ADMIN capability check on the peer
network namespace when creating paired devices (veth, vxcan,
netkit). This allows an unprivileged user with a user namespace
to create interfaces in arbitrary network namespaces, including
init_net.

Add a netlink_ns_capable() check for CAP_NET_ADMIN in the peer
namespace before allowing device creation to proceed.
Published: 2026-04-30
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the Linux kernel, the rtnl_newlink function omitted a capability check on the peer network namespace when creating paired devices such as veth, vxcan, or netkit. This flaw allows an unprivileged user who has created a user namespace to add interfaces to any network namespace, including the system’s init_net. The missing check grants the attacker the equivalent of CAP_NET_ADMIN in the peer namespace, enabling unauthorized manipulation of network topology and potential abuse of network resources. The weakness is an improper access control failure and a least privilege violation (CWE‑272).

Affected Systems

All Linux kernel versions that have not yet incorporated the fix are vulnerable. The flaw manifests when creating veth, vxcan, or netkit interfaces in any user‑created or system network namespace. No specific upstream version numbers are provided, so any kernel not yet patched by the referenced commit is affected.

Risk and Exploitability

The CVSS score of 5.5 indicates medium severity. The EPSS score of < 1 % indicates a low but nonzero exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a local user possessing a user namespace, which can be set up by an unprivileged user. Because the flaw allows creation of interfaces in arbitrary namespaces, the impact could range from unauthorized network topology changes to potential privilege escalation if combined with other kernel weaknesses.

Generated by OpenCVE AI on May 6, 2026 at 21:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Linux kernel patch that includes the netlink_ns_capable() check for peer namespaces
  • Restrict or disable the use of user namespaces on the affected systems
  • Configure kernel or network namespace policies to enforce CAP_NET_ADMIN for all interface management operations

Generated by OpenCVE AI on May 6, 2026 at 21:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 06 May 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Sat, 02 May 2026 11:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284

Sat, 02 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-272
References
Metrics threat_severity

None

 cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important

Thu, 30 Apr 2026 14:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284

Thu, 30 Apr 2026 11:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlink_ns_capable() check for peer netns rtnl_newlink() lacks a CAP_NET_ADMIN capability check on the peer network namespace when creating paired devices (veth, vxcan, netkit). This allows an unprivileged user with a user namespace to create interfaces in arbitrary network namespaces, including init_net. Add a netlink_ns_capable() check for CAP_NET_ADMIN in the peer namespace before allowing device creation to proceed.
Title rtnetlink: add missing netlink_ns_capable() check for peer netns
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:13:52.952Z

Reserved: 2026-03-09T15:48:24.131Z

Link: CVE-2026-31692

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-30T11:16:20.860

Modified: 2026-05-06T20:05:55.800

Link: CVE-2026-31692

cve-icon Redhat

Severity : Important

Publid Date: 2026-04-30T00:00:00Z

Links: CVE-2026-31692 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-06T22:00:14Z

Weaknesses