Description
In the Linux kernel, the following vulnerability has been resolved:

net/rds: Restrict use of RDS/IB to the initial network namespace

Prevent using RDS/IB in network namespaces other than the initial one.
The existing RDS/IB code will not work properly in non-initial network
namespaces.
Published: 2026-06-24
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s net/rds module allows creation of remote datagram sockets in any network namespace, but the implementation fails to function correctly outside the initial namespace. This weakness, classified as CWE‑280 (Improper Restriction of Capability), can cause a denial of service by terminating RDS or InfiniBand operations when used in secondary namespaces. The flaw does not grant any additional privileges or data exfiltration, but it disrupts services that rely on RDS/IB communication.

Affected Systems

Any Linux kernel installation that includes the built‑in RDS/IB networking code is potentially affected. The issue applies to all mainstream kernels that ship with the stock RDS/IB modules enabled, regardless of distribution or edition.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity impact, while the EPSS score of < 1% indicates a very low likelihood of exploitation. The vulnerability is not listed in CISA’s KEV catalog, implying no publicly known exploits. Based on the description, the likely attack vector requires the ability to create or manipulate network namespaces, typically demanding privileged capabilities such as CAP_SYS_ADMIN. Local privileged users could trigger the denial of service within the affected namespace without escalating privileges beyond the scope of the namespace.

Generated by OpenCVE AI on June 28, 2026 at 13:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest kernel update that enforces the restriction of RDS/IB to the initial namespace.
  • If an update is not immediately available, disable the RDS and InfiniBand networking modules or enable a kernel configuration that prevents their use outside the initial network namespace.
  • Enable auditing or logging of socket creation events to detect attempts to use RDS or InfiniBand in non‑initial network namespaces.

Generated by OpenCVE AI on June 28, 2026 at 13:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4664-1 linux security update
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
History

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Sat, 27 Jun 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-346
CWE-665

Sat, 27 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-280
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Wed, 24 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-346
CWE-665

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: net/rds: Restrict use of RDS/IB to the initial network namespace Prevent using RDS/IB in network namespaces other than the initial one. The existing RDS/IB code will not work properly in non-initial network namespaces.
Title net/rds: Restrict use of RDS/IB to the initial network namespace
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-28T06:39:02.828Z

Reserved: 2026-06-09T07:44:35.383Z

Link: CVE-2026-53077

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53077 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T13:45:06Z

Weaknesses
  • CWE-280

    Improper Handling of Insufficient Permissions or Privileges