CVE-2026-43403 - Vulnerability Details

- nsfs: tighten permission checks for ns iteration ioctls

Description

In the Linux kernel, the following vulnerability has been resolved:

nsfs: tighten permission checks for ns iteration ioctls

Even privileged services should not necessarily be able to see other
privileged service's namespaces so they can't leak information to each
other. Use may_see_all_namespaces() helper that centralizes this policy
until the nstree adapts.

Published: 2026-05-08

Score: 8.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Linux kernel previously allowed namespace‐iteration ioctl calls to expose the names of other privileged services’ namespaces. The patch tightens permission checks, preventing privileged services from inadvertently seeing or inferring information about namespaces belonging to other privileged processes. This change reduces the risk of metadata leakage that could aid in further local attacks. The vulnerability is an example of improper access control that can be used to obtain unintended information.

Affected Systems

All Linux kernel builds prior to the inclusion of the patch are affected. The patch is included in recent kernel releases; no specific version range was provided in the advisory.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity. The EPSS score is approximately 0.00013, corresponding to a lower than 1% likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is local and would require the attacker to run privileged code that can issue the namespace‑iteration ioctls. Because the vulnerability exists only for privileged services and the fix is a permission check, exploitation is non‑trivial and likely limited to scenarios where the attacker can activate or modify privileged services.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`a1d220d9dafa8d76ba60a784a1016c3134e6a1e8`	affected	< 3376b345df155ca36d8611857b41ff7d5183fc38
`a1d220d9dafa8d76ba60a784a1016c3134e6a1e8`	affected	< 2f3dea284c761c890d676f77d5e55c0c496b4ef4
`a1d220d9dafa8d76ba60a784a1016c3134e6a1e8`	affected	< 0ad650e60150eda789deca5e78a6a09d26bf8fc9
`a1d220d9dafa8d76ba60a784a1016c3134e6a1e8`	affected	< e6b899f08066e744f89df16ceb782e06868bd148

Linux

affected

Version	Status	Constraints
`6.12`	affected	—
`0`	unaffected	< 6.12
`6.12.78`	unaffected	≤ 6.12.*
`6.18.20`	unaffected	≤ 6.18.*
`6.19.9`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[a1d220d9dafa8d76ba60a784a1016c3134e6a1e8,3376b345df155ca36d8611857b41ff7d5183fc38)`	affected	code_commit	—
`[a1d220d9dafa8d76ba60a784a1016c3134e6a1e8,2f3dea284c761c890d676f77d5e55c0c496b4ef4)`	affected	code_commit	—
`[a1d220d9dafa8d76ba60a784a1016c3134e6a1e8,0ad650e60150eda789deca5e78a6a09d26bf8fc9)`	affected	code_commit	—
`[a1d220d9dafa8d76ba60a784a1016c3134e6a1e8,e6b899f08066e744f89df16ceb782e06868bd148)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.12`	affected	semver	—
`[0,6.12)`	unaffected	semver	—
`[6.12.78,6.13.0)`	unaffected	semver	—
`[6.18.20,6.19.0)`	unaffected	semver	—
`[6.19.9,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that includes the nsfs permission check fix.
If a kernel upgrade is not feasible, apply the upstream patch from the commit series starting at 0ad650e60150eda7 to the current kernel source and rebuild.
Review and restrict namespace exposure for privileged services, ensuring that only necessary namespaces are visible to each process, and disable unused namespace interfaces when possible.

Generated by OpenCVE AI on May 21, 2026 at 20:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00015.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0ad650e60150eda789deca5e78a6a09d26bf8fc9
https://git.kernel.org/stable/c/2f3dea284c761c890d676f77d5e55c0c496b4ef4
https://git.kernel.org/stable/c/3376b345df155ca36d8611857b41ff7d5183fc38
https://git.kernel.org/stable/c/e6b899f08066e744f89df16ceb782e06868bd148
https://lore.kernel.org/linux-cve-announce/2026050840-CVE-2026-43403-3869@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-43403
https://www.cve.org/CVERecord?id=CVE-2026-43403

History

Thu, 21 May 2026 19:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:linux:linux_kernel:7.0:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.0:rc2::::::

Mon, 11 May 2026 07:45:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}`

Sat, 09 May 2026 03:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-284 CWE-732

Sat, 09 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-280
References		https://lore.kernel.org/linux-cve-announce/2026050840-CVE-2026-43403-3869@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-43403 https://www.cve.org/CVERecord?id=CVE-2026-43403
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Fri, 08 May 2026 17:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-284 CWE-732

Fri, 08 May 2026 14:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: nsfs: tighten permission checks for ns iteration ioctls Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use may_see_all_namespaces() helper that centralizes this policy until the nstree adapts.
Title		nsfs: tighten permission checks for ns iteration ioctls
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0ad650e60150eda789deca5e78a6a09d26bf8fc9 https://git.kernel.org/stable/c/2f3dea284c761c890d676f77d5e55c0c496b4ef4 https://git.kernel.org/stable/c/3376b345df155ca36d8611857b41ff7d5183fc38 https://git.kernel.org/stable/c/e6b899f08066e744f89df16ceb782e06868bd148

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T14:21:44.204Z

Updated: 2026-05-11T22:23:54.491Z

Reserved: 2026-05-01T14:12:56.007Z

Link: CVE-2026-43403

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-08T15:16:51.783

Modified: 2026-05-21T19:23:20.050

Link: CVE-2026-43403

Redhat

Severity : Moderate

Publid Date: 2026-05-08T00:00:00Z

Links: CVE-2026-43403 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-21T21:00:16Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object