CVE-2026-45932 - Vulnerability Details

- bpf: Fix tcx/netkit detach permissions when prog fd isn't given

Description

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix tcx/netkit detach permissions when prog fd isn't given

This commit fixes a security issue where BPF_PROG_DETACH on tcx or
netkit devices could be executed by any user when no program fd was
provided, bypassing permission checks. The fix adds a capability
check for CAP_NET_ADMIN or CAP_SYS_ADMIN in this case.

Published: 2026-05-27

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in the Linux kernel allowed any user to detach BPF programs from tcx or netkit devices using the BPF_PROG_DETACH mechanism when no program file descriptor was supplied. The kernel performed no capability check in this scenario, so an attacker could remove a BPF program controlling networking behavior without possessing CAP_NET_ADMIN or CAP_SYS_ADMIN, potentially altering packet handling or disrupting network services. The weakness is an improper authorization check (CWE‑284).

Affected Systems

The vulnerability is present in the Linux kernel shipped by all vendors before the fix commit. No specific version numbers are disclosed, so all kernels lacking the patch are considered affected.

Risk and Exploitability

The issue is a local exploit that can be exploited by any user on the system. There is no public CVSS score, and the EPSS score is not available. The vulnerability is not listed in CISA’s KEV catalog, suggesting no known widespread exploitation to date. Nevertheless, the potential to disrupt network functions or degrade security controls makes the risk moderate, and the attack vector is local user privilege.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`e420bed025071a623d2720a92bc2245c84757ecb`	affected	< 4e0772cded109c238411f2fac36ac39302758b81
`e420bed025071a623d2720a92bc2245c84757ecb`	affected	< 3f04cc1e5374da4c5e791ae010a06cfea7bacbe6
`e420bed025071a623d2720a92bc2245c84757ecb`	affected	< ae23bc81ddf7c17b663c4ed1b21e35527b0a7131

Linux

affected

Version	Status	Constraints
`6.6`	affected	—
`0`	unaffected	< 6.6
`6.18.14`	unaffected	≤ 6.18.*
`6.19.4`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[e420bed025071a623d2720a92bc2245c84757ecb,4e0772cded109c238411f2fac36ac39302758b81)`	affected	code_commit	—
`[e420bed025071a623d2720a92bc2245c84757ecb,3f04cc1e5374da4c5e791ae010a06cfea7bacbe6)`	affected	code_commit	—
`[e420bed025071a623d2720a92bc2245c84757ecb,ae23bc81ddf7c17b663c4ed1b21e35527b0a7131)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.6`	affected	generic	—
`[0,6.6)`	unaffected	semver	—
`[6.18.14,6.19.0)`	unaffected	semver	—
`[6.19.4,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that includes the patch for the tcx/netkit detach permission issue.
If an updated kernel is not yet available, restrict the use of BPF_PROG_DETACH on tcx/netkit devices to users possessing CAP_NET_ADMIN or CAP_SYS_ADMIN, or disable the feature via kernel configuration if possible.
Apply the specific kernel commit (e.g., commit 3f04cc1e5374da4c5e791ae010a06cfea7bacbe6 or later) locally to enforce the capability check before detach operations.

Generated by OpenCVE AI on May 27, 2026 at 17:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/3f04cc1e5374da4c5e791ae010a06cfea7bacbe6
https://git.kernel.org/stable/c/4e0772cded109c238411f2fac36ac39302758b81
https://git.kernel.org/stable/c/ae23bc81ddf7c17b663c4ed1b21e35527b0a7131

History

Wed, 27 May 2026 18:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-284

Wed, 27 May 2026 14:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tcx/netkit detach permissions when prog fd isn't given This commit fixes a security issue where BPF_PROG_DETACH on tcx or netkit devices could be executed by any user when no program fd was provided, bypassing permission checks. The fix adds a capability check for CAP_NET_ADMIN or CAP_SYS_ADMIN in this case.
Title		bpf: Fix tcx/netkit detach permissions when prog fd isn't given
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/3f04cc1e5374da4c5e791ae010a06cfea7bacbe6 https://git.kernel.org/stable/c/4e0772cded109c238411f2fac36ac39302758b81 https://git.kernel.org/stable/c/ae23bc81ddf7c17b663c4ed1b21e35527b0a7131

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-27T12:17:50.353Z

Updated: 2026-05-27T12:17:50.353Z

Reserved: 2026-05-13T15:03:33.086Z

Link: CVE-2026-45932

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:09.173

Modified: 2026-05-27T14:48:03.013

Link: CVE-2026-45932

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-27T20:30:40Z

Weaknesses

CWE-284

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object