Skip to main content

Linux Kernel CVE-2026-43403

| EUVDEUVD-2026-28709 HIGH
2026-05-08 Linux GHSA-6ghr-3376-w3mq
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 11, 2026 - 08:32 vuln.today
CVSS changed
May 11, 2026 - 08:22 NVD
8.8 (HIGH)
Patch available
May 08, 2026 - 16:18 EUVD
CVE Published
May 08, 2026 - 14:21 nvd
UNKNOWN (no severity yet)
CVE Published
May 08, 2026 - 14:21 nvd
HIGH 8.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

nsfs: tighten permission checks for ns iteration ioctls

Even privileged services should not necessarily be able to see other privileged service's namespaces so they can't leak information to each other. Use may_see_all_namespaces() helper that centralizes this policy until the nstree adapts.

AnalysisAI

Namespace iteration ioctl permission bypass in Linux kernel allows local privileged users to enumerate namespaces of other privileged services, potentially leaking cross-service information. Affects kernel 6.12 through 6.19.x with patches available in 6.12.78, 6.18.20, 6.19.9, and mainline 7.0. The vulnerability has low EPSS (0.02%, 5th percentile) indicating minimal observed exploitation activity. Vendor patches deployed across stable kernel branches address the issue by enforcing stricter namespace visibility policies via the may_see_all_namespaces() helper.

Technical ContextAI

The Linux kernel namespace subsystem (nsfs) provides isolation boundaries for processes through mechanisms like PID, network, mount, and user namespaces. Namespace file descriptors expose ioctls for iterating and inspecting namespace hierarchies. Prior to this fix, permission checks on these iteration ioctls were insufficiently restrictive, allowing privileged processes (e.g., systemd services, container runtimes, security agents) with CAP_SYS_PTRACE or similar capabilities to discover and inspect namespaces belonging to other privileged services. This violates least-privilege principles where even root-equivalent services should have compartmentalized visibility. The vulnerability exists in code paths handling namespace iteration requests, specifically where the kernel decides whether a caller can enumerate or traverse namespace trees. The fix introduces centralized policy enforcement through may_see_all_namespaces() to restrict cross-service namespace visibility until the planned nstree architecture fully isolates namespace metadata.

RemediationAI

Update to patched kernel versions: 6.12.78 for longterm branch, 6.18.20 or 6.19.9 for stable branches, or 7.0+ for mainline. Patches available via git.kernel.org stable tree commits 3376b345df15 (mainline), 2f3dea284c76, 0ad650e60150, and e6b899f08066 (stable branches). Distributions should apply vendor-provided kernel updates incorporating these commits. No reboot-less mitigation exists for this kernel-level issue. Workaround for high-security environments unable to patch immediately: implement mandatory access control policies (SELinux, AppArmor) to deny CAP_SYS_PTRACE and namespace-related capabilities to non-essential privileged services, reducing cross-service inspection surface. This workaround degrades functionality of legitimate debugging and monitoring tools. For containerized workloads, use user namespaces with non-overlapping UID ranges and seccomp filters blocking namespace-related ioctls, though this only partially mitigates the issue as kernel-level services remain vulnerable. Verify patch application by checking kernel version with 'uname -r' matches patched releases.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43403 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy