CVE-2026-31692

Summary

In the Linux kernel, the following vulnerability has been resolved:

rtnetlink: add missing netlink_ns_capable() check for peer netns

rtnl_newlink() lacks a CAP_NET_ADMIN capability check on the peer network namespace when creating paired devices (veth, vxcan, netkit). This allows an unprivileged user with a user namespace to create interfaces in arbitrary network namespaces, including init_net.

Add a netlink_ns_capable() check for CAP_NET_ADMIN in the peer namespace before allowing device creation to proceed.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux81adee47dfb608df3ad0b91d230fb3cef75f0060 < 0975b64ffb34560042090a5986c3a02e6c80f36faffected
LinuxLinux81adee47dfb608df3ad0b91d230fb3cef75f0060 < d04cc16d3624218a5458b2b664ae431f1b3b334daffected
LinuxLinux81adee47dfb608df3ad0b91d230fb3cef75f0060 < 7b735ef81286007794a227ce2539419479c02a5faffected
LinuxLinux2.6.33affected
LinuxLinux0 < 2.6.33unaffected
LinuxLinux6.18.24 <= 6.18.*unaffected
LinuxLinux6.19.14 <= 6.19.*unaffected
LinuxLinux7.0 <= *unaffected

Weaknesses

References