Skip to main content

Linux Kernel CVE-2026-46324

| EUVDEUVD-2026-35414 HIGH
2026-06-09 Linux GHSA-42p7-8g8p-r7fh
7.8
CVSS 3.1 · Vendor: Linux
Share

Severity by source

Vendor (Linux) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.0 HIGH

Local netlink access with CAP_NET_ADMIN (PR:L), race condition raises AC to H, no user interaction, full kernel-memory compromise yields C/I/A:H.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
SUSE
6.4 MEDIUM
AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Red Hat
7.0 MEDIUM
qualitative

Primary rating from Vendor (Linux).

CVSS VectorVendor: Linux

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 14, 2026 - 06:35 vuln.today
CVSS changed
Jun 14, 2026 - 06:22 NVD
7.8 (HIGH)
Patch available
Jun 09, 2026 - 14:01 EUVD
CVE Published
Jun 09, 2026 - 12:11 cve.org
HIGH 7.8
CVE Published
Jun 09, 2026 - 12:11 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

netfilter: nf_tables: use list_del_rcu for netlink hooks

nft_netdev_unregister_hooks and __nft_unregister_flowtable_net_hooks need to use list_del_rcu(), this list can be walked by concurrent dumpers.

Add a new helper and use it consistently.

AnalysisAI

Local privilege escalation potential exists in the Linux kernel's netfilter nf_tables subsystem where netlink hook unregistration functions failed to use RCU-safe list removal while concurrent dumpers walked the same list. Affected paths are nft_netdev_unregister_hooks and __nft_unregister_flowtable_net_hooks, which previously used non-RCU list_del semantics and could race with readers, leading to memory corruption or use-after-free conditions on systems exposing nftables. No public exploit identified at time of analysis, and EPSS rates real-world exploitation likelihood at 0.02%.

Technical ContextAI

The bug lives in the Linux kernel netfilter framework (net/netfilter/nf_tables_api.c), which implements the nftables packet-filtering and flowtable infrastructure exposed to userspace via the netlink NFNL_SUBSYS_NFTABLES interface. Hook chains for netdev families and flowtables are kept in linked lists that can be traversed concurrently by netlink dumpers under RCU read-side locks; modifying these lists with plain list_del rather than list_del_rcu breaks the RCU contract and creates a torn-list / use-after-free race. The CWE field is not assigned in the provided data, but the defect class is a concurrency / RCU list-management bug (akin to CWE-416 / CWE-362). The CPE strings cpe:2.3:a:linux:linux:*:*:* identify the upstream Linux kernel, and the EUVD version list confirms the regression spans LTS branches including 4.19.316, 5.4.262, 5.10.198, 5.15.45, 5.17.13, 5.18.2, and 5.19 through to fixes in 6.18.33, 7.0.10 and 7.1-rc2.

RemediationAI

Vendor-released patch: Linux stable 6.18.33, 7.0.10, and mainline 7.1-rc2 - upgrade to the fixed kernel for your distribution's branch and reboot, or apply backports of the upstream commits 0bd93ce4f3c3, 0f33e8ad6ac5, and f3224ee463f8 referenced at https://git.kernel.org/stable/. If patching must be deferred, the practical compensating control is to prevent untrusted local users from issuing nftables/netlink configuration changes: restrict CAP_NET_ADMIN inside user namespaces by setting kernel.unprivileged_userns_clone=0 (or sysctl user.max_user_namespaces=0) and tighten seccomp/LSM policy on container runtimes so unprivileged workloads cannot reach the nf_tables netlink family - note this will break rootless containers and tools like podman/buildah that depend on user namespaces, and is not a substitute for the kernel update. Distribution advisories (RHSA, USN, DSA) should be checked once published.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Affected

Share

CVE-2026-46324 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy