{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-52909", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.366Z", "datePublished": "2026-06-19T14:43:33.214Z", "dateUpdated": "2026-06-28T06:36:26.193Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-28T06:36:26.193Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_vti: set netns_immutable on the fallback device.\n\njohn1988 and Noam Rathaus reported that vti6_init_net() does not set the\nnetns_immutable flag on the per-netns fallback tunnel device (ip6_vti0).\n\nOther similar tunnel drivers (like ip6_tunnel, sit, ip6_gre, and ip_tunnel)\ncorrectly set this flag during their fallback device initialization to\nprevent them from being moved to another network namespace."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv6/ip6_vti.c"], "versions": [{"version": "61220ab349485d911083d0b7990ccd3db6c63297", "lessThan": "ecf8904067dcba0dad86ece80874841e60317885", "status": "affected", "versionType": "git"}, {"version": "61220ab349485d911083d0b7990ccd3db6c63297", "lessThan": "dcdce3bc9f08026ff3739ee7339e1bef526fc5f3", "status": "affected", "versionType": "git"}, {"version": "61220ab349485d911083d0b7990ccd3db6c63297", "lessThan": "d289d5307762d1838aaece22c6b6fcad9e8865f9", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["net/ipv6/ip6_vti.c"], "versions": [{"version": "3.15", "status": "affected"}, {"version": "0", "lessThan": "3.15", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.36", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.13", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.15", "versionEndExcluding": "6.18.36"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.15", "versionEndExcluding": "7.0.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.15", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/ecf8904067dcba0dad86ece80874841e60317885"}, {"url": "https://git.kernel.org/stable/c/dcdce3bc9f08026ff3739ee7339e1bef526fc5f3"}, {"url": "https://git.kernel.org/stable/c/d289d5307762d1838aaece22c6b6fcad9e8865f9"}], "title": "ip6_vti: set netns_immutable on the fallback device.", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{}

{"bugzilla": {"description": "kernel: ip6_vti: set netns_immutable on the fallback device", "id": "2490789", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2490789"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-1188", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nip6_vti: set netns_immutable on the fallback device.\njohn1988 and Noam Rathaus reported that vti6_init_net() does not set the\nnetns_immutable flag on the per-netns fallback tunnel device (ip6_vti0).\nOther similar tunnel drivers (like ip6_tunnel, sit, ip6_gre, and ip_tunnel)\ncorrectly set this flag during their fallback device initialization to\nprevent them from being moved to another network namespace.", "A flaw was found in the Linux kernel, specifically within the IPv6 Virtual Tunnel Interface (ip6_vti) component. This vulnerability occurs because a critical flag, netns_immutable, is not properly set on a specific network device (ip6_vti0) when it is initialized. This oversight could allow the device to be moved between different network environments (network namespaces) within the system. Such unauthorized movement might lead to unexpected network configurations or potential security issues."], "name": "CVE-2026-52909", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-52909\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-52909\nhttps://lore.kernel.org/linux-cve-announce/2026061933-CVE-2026-52909-253f@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[61220ab349485d911083d0b7990ccd3db6c63297,ecf8904067dcba0dad86ece80874841e60317885)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[61220ab349485d911083d0b7990ccd3db6c63297,dcdce3bc9f08026ff3739ee7339e1bef526fc5f3)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[61220ab349485d911083d0b7990ccd3db6c63297,d289d5307762d1838aaece22c6b6fcad9e8865f9)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.15"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,3.15)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.36,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0.13,7.1.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-06-19T20:45:03.531507+00:00", "updated": "2026-06-28T14:00:21.101023+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}