Skip to main content

Linux Kernel CVE-2026-43390

| EUVDEUVD-2026-28696 MEDIUM
2026-05-08 Linux GHSA-j574-jvxx-m43q
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 08, 2026 - 11:34 vuln.today
CVSS changed
May 26, 2026 - 15:07 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 16:18 EUVD
CVE Published
May 08, 2026 - 14:21 nvd
MEDIUM 5.5
CVE Published
May 08, 2026 - 14:21 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

nstree: tighten permission checks for listing

Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use may_see_all_namespaces() helper that centralizes this policy until the nstree adapts.

AnalysisAI

Insufficient permission enforcement in the Linux kernel's nstree subsystem allows a local privileged service to enumerate namespace trees belonging to other co-located privileged services, breaking the isolation model that Linux namespaces are designed to enforce. Affected systems include those running Linux kernel versions prior to the fix commits in the 6.19.x stable series and the 7.0 upstream branch, with downstream impact confirmed by Red Hat and SUSE. No public exploit has been identified at time of analysis, and EPSS is 0.02% (5th percentile), making this a low-urgency but architecturally significant issue for multi-tenant and containerized deployments.

Technical ContextAI

The Linux kernel's nstree subsystem manages the hierarchical representation of process namespaces used to implement container isolation, cgroup boundaries, and service sandboxing. The root cause is the absence of the centralized may_see_all_namespaces() helper function in the nstree listing code path, which is responsible for enforcing inter-service namespace visibility policy. Without this gate, any privileged service holding sufficient local credentials could traverse another privileged service's namespace tree - a violation of the principle of least privilege in namespace access control. No CWE is formally assigned, though this aligns with CWE-863 (Incorrect Authorization) and CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The affected product is identified by CPE cpe:2.3:a:linux:linux:*:*:*:*:*:*:*:*, covering the upstream Linux kernel. The fix commits (8d76afe84fa2babf604b3c173730d4d2b067e361 and 0abd81645fc95ec6a9d4e4813000f22c5efc0ff4) introduce the centralized helper into the nstree listing path.

RemediationAI

The upstream fix is available via two stable kernel commits: 8d76afe84fa2babf604b3c173730d4d2b067e361 at https://git.kernel.org/stable/c/8d76afe84fa2babf604b3c173730d4d2b067e361 and 0abd81645fc95ec6a9d4e4813000f22c5efc0ff4 at https://git.kernel.org/stable/c/0abd81645fc95ec6a9d4e4813000f22c5efc0ff4. Upgrading to Linux kernel 6.19.9 or 7.0 (or later) resolves the issue per EUVD version data. Red Hat and SUSE users should monitor their vendor security channels for kernel errata incorporating these commits. As a compensating control where immediate patching is not feasible, administrators can constrain namespace listing access by applying mandatory access control (MAC) policies via SELinux or AppArmor to restrict which privileged services are permitted to perform nstree enumeration calls - note that overly broad restrictions may interfere with legitimate service discovery or container runtime operations and should be tested in staging environments before production deployment. Restricting shared-host co-tenancy of mutually untrusted privileged services (i.e., using separate physical or VM hosts) eliminates the cross-service exposure entirely.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43390 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy