Description
In the Linux kernel, the following vulnerability has been resolved:

ip6_vti: set netns_immutable on the fallback device.

john1988 and Noam Rathaus reported that vti6_init_net() does not set the
netns_immutable flag on the per-netns fallback tunnel device (ip6_vti0).

Other similar tunnel drivers (like ip6_tunnel, sit, ip6_gre, and ip_tunnel)
correctly set this flag during their fallback device initialization to
prevent them from being moved to another network namespace.
Published: 2026-06-19
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability affects the Linux kernel’s ip6_vti driver, where the fallback tunnel device ip6_vti0 is not marked with the netns_immutable flag. Because the flag is missing, the device can be moved into a different network namespace after creation. This flaw permits an attacker, with the ability to create or modify tunnel devices, to bypass namespace isolation and potentially elevate privileges or disrupt namespace‑scoped networking. The weakness aligns with improper or missing authorization controls that lead to privilege escalation.

Affected Systems

All Linux kernel releases that include the ip6_vti driver are susceptible, since the flaw resides in the vendor does not list a specific version range whether their kernel packages incorporate the patch referenced in the linked Git commits. Updating to a kernel that includes the fix or applying the patch manually addresses the issue across affected versions.

Risk and Exploitability

The CVSS score is 7.8 and the EPSS score is < 1%, indicating a very low exploitation probability. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that the attack vector is local and requires an attacker with sufficient privileges to invoke ip6_vti initialization or to manipulate tunnel devices. If exploited, the defect could allow the attacker to re‑assign a tunnel device to another namespace, potentially enabling privilege escalation or denial of service within the affected host.

Generated by OpenCVE AI on June 28, 2026 at 13:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that sets netns_immutable on the ip6_vti fallback device, or install a kernel version that includes this fix.
  • Disable or restrict creation of ip6_vti fallback devices if the patch is not immediately available, limiting the ability to move devices between namespaces.
  • Monitor system logs for attempts to create or move ip6_vti0 devices to detect potential exploitation attempts.

Generated by OpenCVE AI on June 28, 2026 at 13:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4664-1 linux security update
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
Debian DSA Debian DSA DSA-6355-1 linux security update
History

Sat, 04 Jul 2026 12:15:00 +0000


Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Tue, 23 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269
CWE-284

Tue, 23 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1188
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Fri, 19 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269

Fri, 19 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284

Fri, 19 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ip6_vti: set netns_immutable on the fallback device. john1988 and Noam Rathaus reported that vti6_init_net() does not set the netns_immutable flag on the per-netns fallback tunnel device (ip6_vti0). Other similar tunnel drivers (like ip6_tunnel, sit, ip6_gre, and ip_tunnel) correctly set this flag during their fallback device initialization to prevent them from being moved to another network namespace.
Title ip6_vti: set netns_immutable on the fallback device.
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-07-04T11:50:46.147Z

Reserved: 2026-06-09T07:44:35.366Z

Link: CVE-2026-52909

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-19T00:00:00Z

Links: CVE-2026-52909 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T14:00:21Z

Weaknesses
  • CWE-1188

    Initialization of a Resource with an Insecure Default