Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Local, low-priv attacker able to create a netns and use RDS/IB (AV:L/PR:L/AC:L); information disclosure (C:H) and instability/DoS (A:H) per description and tag, with no clear integrity impact (I:N).
Primary rating from Vendor (Linux).
CVSS VectorVendor: Linux
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
In the Linux kernel, the following vulnerability has been resolved:
net/rds: Restrict use of RDS/IB to the initial network namespace
Prevent using RDS/IB in network namespaces other than the initial one. The existing RDS/IB code will not work properly in non-initial network namespaces.
AnalysisAI
Improper network-namespace isolation in the Linux kernel's net/rds InfiniBand transport (RDS/IB) lets a local user operating in a non-initial network namespace trigger faulty RDS/IB behavior, because the existing code was never written to function correctly outside the initial netns. The upstream fix restricts RDS/IB to the initial network namespace entirely. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires: (1) local access to the host with at least low privileges (PR:L); (2) the RDS subsystem and its InfiniBand backend (rds, rds_rdma/ib modules) loaded and usable, which is not the default on most distributions and typically presupposes RDMA/InfiniBand-capable hardware or emulation; and (3) the attacker exercising RDS/IB from a NON-INITIAL network namespace - the bug does not manifest in the initial netns. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed and lean toward modest real-world risk despite the 7.8 score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A local user (or a process inside a container) with permission to create a network namespace loads or uses the RDS/IB socket family and opens RDS sockets from within that non-initial namespace, driving the kernel through code paths that assume the initial netns. Given AV:L/AC:L, this can be done reliably from a local shell with low privileges, resulting in kernel instability or disclosure of initial-namespace state to the secondary namespace. … |
| Remediation | Apply the vendor kernel update for your stable series - Vendor-released patch: upgrade to 5.10.258, 5.15.209, 6.1.175, 6.6.141, 6.12.91, 6.18.33, or 7.0.10/7.1 or later as appropriate for your tree (commits at https://git.kernel.org/stable/c/fb407343c0c16e94584707b2dfdd350a5f81b000 and the related stable hashes such as https://git.kernel.org/stable/c/c244b79adffad89a5173cf8bfaa06a6b40bbd09b). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify systems running Linux kernel with active RDS/IB support and audit container host configurations. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38945
GHSA-8q5h-9r4j-rfj7