Impact
The vulnerability affects the Linux kernel’s ip6_vti driver, where the fallback tunnel device ip6_vti0 is not marked with the netns_immutable flag. Because the flag is missing, the device can be moved into a different network namespace after creation. This flaw permits an attacker, with the ability to create or modify tunnel devices, to bypass namespace isolation and potentially elevate privileges or disrupt namespace‑scoped networking. The weakness aligns with improper or missing authorization controls that lead to privilege escalation.
Affected Systems
All Linux kernel releases that include the ip6_vti driver are susceptible, since the flaw resides in the vendor does not list a specific version range whether their kernel packages incorporate the patch referenced in the linked Git commits. Updating to a kernel that includes the fix or applying the patch manually addresses the issue across affected versions.
Risk and Exploitability
The CVSS score is 7.8 and the EPSS score is < 1%, indicating a very low exploitation probability. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that the attack vector is local and requires an attacker with sufficient privileges to invoke ip6_vti initialization or to manipulate tunnel devices. If exploited, the defect could allow the attacker to re‑assign a tunnel device to another namespace, potentially enabling privilege escalation or denial of service within the affected host.
OpenCVE Enrichment
Debian DLA
Debian DSA