CVE-2026-43391 - Vulnerability Details

- nsfs: tighten permission checks for handle opening

Description

In the Linux kernel, the following vulnerability has been resolved:

nsfs: tighten permission checks for handle opening

Even privileged services should not necessarily be able to see other
privileged service's namespaces so they can't leak information to each
other. Use may_see_all_namespaces() helper that centralizes this policy
until the nstree adapts.

Published: 2026-05-08

Score: 8.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability stems from an insufficient permission check when opening namespace handles in the Linux nsfs filesystem. Based on the description, privileged services are able to open handles to other privileged services' namespaces, which they should not be able to. This results in unintended visibility of namespace information, effectively leaking metadata about other services' namespaces. The issue is an example of improper access control and a permission or privilege issue (CWE‑1220).

Affected Systems

All Linux kernel installations that have not yet applied the fix are affected. The change is identified in the kernel source, and any kernel version preceding that commit may allow the described permission bypass. Linux is the vendor, and the product is the Linux kernel, although no specific version range is listed.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity vulnerability. The EPSS score of less than 1% suggests that exploitation attempts are currently rare. The vulnerability is not listed in the CISA KEV catalog. An attacker who can run a privileged service can abuse the insufficient permission checks to open handles to other privileged services' namespaces, thereby obtaining metadata about those namespaces. This information disclosure could be leveraged to plan more targeted attacks. The exploitation path requires kernel privilege; therefore environments with multiple privileged services need to apply the fix promptly to mitigate this risk.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`5222470b2fbb3740f931f189db33dd1367b1ae75`	affected	< 1797ee11451f1b2be69863a9f5bd43b948813fdf
`5222470b2fbb3740f931f189db33dd1367b1ae75`	affected	< d2324a9317f00013facb0ba00b00440e19d2af5e

Linux

affected

Version	Status	Constraints
`6.18`	affected	—
`0`	unaffected	< 6.18
`6.19.9`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[5222470b2fbb3740f931f189db33dd1367b1ae75,1797ee11451f1b2be69863a9f5bd43b948813fdf)`	affected	code_commit	—
`[5222470b2fbb3740f931f189db33dd1367b1ae75,d2324a9317f00013facb0ba00b00440e19d2af5e)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.18`	affected	semver	—
`[0,6.18)`	unaffected	generic	—
`[6.19.9,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to a Linux kernel version that incorporates the nsfs permission check fix.
Ensure that services with elevated capabilities are granted only the minimal permissions necessary and do not run with full CAP_SYS_ADMIN unless required.
Regularly audit namespace configurations and restrict cross‑namespace visibility using cgroup and namespace isolation practices.

Generated by OpenCVE AI on May 26, 2026 at 16:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/1797ee11451f1b2be69863a9f5bd43b948813fdf
https://git.kernel.org/stable/c/d2324a9317f00013facb0ba00b00440e19d2af5e
https://lore.kernel.org/linux-cve-announce/2026050836-CVE-2026-43391-4889@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43391
https://www.cve.org/CVERecord?id=CVE-2026-43391

History

Tue, 26 May 2026 15:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::

Mon, 11 May 2026 07:45:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}`

Sat, 09 May 2026 02:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-284

Sat, 09 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-1220
References		https://lore.kernel.org/linux-cve-announce/2026050836-CVE-2026-43391-4889@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43391 https://www.cve.org/CVERecord?id=CVE-2026-43391

Fri, 08 May 2026 17:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-284

Fri, 08 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for handle opening Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use may_see_all_namespaces() helper that centralizes this policy until the nstree adapts.
Title		nsfs: tighten permission checks for handle opening
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/1797ee11451f1b2be69863a9f5bd43b948813fdf https://git.kernel.org/stable/c/d2324a9317f00013facb0ba00b00440e19d2af5e

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T14:21:36.012Z

Updated: 2026-05-11T22:23:40.738Z

Reserved: 2026-05-01T14:12:56.007Z

Link: CVE-2026-43391

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-08T15:16:50.490

Modified: 2026-05-26T14:56:22.923

Link: CVE-2026-43391

Redhat

Severity :

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43391 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-26T16:45:06Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object