Description
In the Linux kernel, the following vulnerability has been resolved:

nstree: tighten permission checks for listing

Even privileged services should not necessarily be able to see other
privileged service's namespaces so they can't leak information to each
other. Use may_see_all_namespaces() helper that centralizes this policy
until the nstree adapts.
Published: 2026-05-08
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Linux kernel allows privileged services to view the namespaces of other privileged services, potentially leaking sensitive configuration and state information. This improper permission check enables an unauthorized privileged process to gather data it should not have access to, thereby violating confidentiality constraints.

Affected Systems

Linux Kernel deployments across all vendor distributions. Specific affected versions are not enumerated in the advisory, so any kernel release prior to the inclusion of the fix may be vulnerable.

Risk and Exploitability

The CVSS score of 5.5 indicates a moderate severity vulnerability, while the EPSS score remains below 1% and the issue is not currently listed in CISA KEV. The attack vector is inferred to be local, requiring a privileged service that is already running on the system; a malicious or misconfigured service could exploit the weakened namespace visibility to extract information from other services.

Generated by OpenCVE AI on May 26, 2026 at 16:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy the latest Linux kernel release that contains the fix for nstree permission checks.
  • Restrict or disable privileged services that unnecessarily share namespaces, ensuring they cannot see other services' namespaces.
  • Apply system hardening controls such as SELinux or AppArmor to enforce stricter access policies on namespace visibility.

Generated by OpenCVE AI on May 26, 2026 at 16:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Sat, 09 May 2026 02:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-284

Sat, 09 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1220
References

Fri, 08 May 2026 17:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-284

Fri, 08 May 2026 14:45:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: nstree: tighten permission checks for listing Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use may_see_all_namespaces() helper that centralizes this policy until the nstree adapts.
Title nstree: tighten permission checks for listing
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:23:39.579Z

Reserved: 2026-05-01T14:12:56.007Z

Link: CVE-2026-43390

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-08T15:16:50.387

Modified: 2026-05-26T15:00:35.753

Link: CVE-2026-43390

cve-icon Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43390 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T16:30:10Z

Weaknesses