{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-52978", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.376Z", "datePublished": "2026-06-24T16:28:54.809Z", "dateUpdated": "2026-06-24T16:28:54.809Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-24T16:28:54.809Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: psp: require admin permission for dev-set and key-rotate\n\nThe dev-set and key-rotate netlink operations modify shared device\nstate (PSP version configuration and cryptographic key material,\nrespectively) but do not require CAP_NET_ADMIN. The only access\ncontrol is psp_dev_check_access() which merely verifies netns\nmembership."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["Documentation/netlink/specs/psp.yaml", "net/psp/psp-nl-gen.c"], "versions": [{"version": "00c94ca2b99e6610e483f92e531b319eeaed94aa", "lessThan": "aa1a08a4632af5d1117779e7ff0e32e3c69f29bd", "status": "affected", "versionType": "git"}, {"version": "00c94ca2b99e6610e483f92e531b319eeaed94aa", "lessThan": "fb88a8c86109edb15971481e3de816a8bfdfe571", "status": "affected", "versionType": "git"}, {"version": "00c94ca2b99e6610e483f92e531b319eeaed94aa", "lessThan": "b718342a7fbaa2dff5fefc31988c07af8c6cbc21", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["Documentation/netlink/specs/psp.yaml", "net/psp/psp-nl-gen.c"], "versions": [{"version": "6.18", "status": "affected"}, {"version": "0", "lessThan": "6.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.33", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.10", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.18.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "7.0.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/aa1a08a4632af5d1117779e7ff0e32e3c69f29bd"}, {"url": "https://git.kernel.org/stable/c/fb88a8c86109edb15971481e3de816a8bfdfe571"}, {"url": "https://git.kernel.org/stable/c/b718342a7fbaa2dff5fefc31988c07af8c6cbc21"}], "title": "net: psp: require admin permission for dev-set and key-rotate", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{}

{"bugzilla": {"description": "kernel: net: psp: require admin permission for dev-set and key-rotate", "id": "2492424", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492424"}, "csaw": false, "cwe": "CWE-266", "details": ["A flaw was found in the Linux kernel's Platform Security Processor (PSP) networking component. A local user without administrative privileges could exploit this vulnerability by utilizing the `dev-set` and `key-rotate` netlink operations. These operations, which modify sensitive PSP version configuration and cryptographic key material, did not properly enforce administrator permissions. This could lead to unauthorized modification of critical system security settings and cryptographic keys."], "name": "CVE-2026-52978", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-52978\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-52978\nhttps://lore.kernel.org/linux-cve-announce/2026062441-CVE-2026-52978-fa50@gregkh/T"]}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[00c94ca2b99e6610e483f92e531b319eeaed94aa,aa1a08a4632af5d1117779e7ff0e32e3c69f29bd)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[00c94ca2b99e6610e483f92e531b319eeaed94aa,fb88a8c86109edb15971481e3de816a8bfdfe571)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[00c94ca2b99e6610e483f92e531b319eeaed94aa,b718342a7fbaa2dff5fefc31988c07af8c6cbc21)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.18"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,6.18)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[6.18.33,6.18.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.0.10,7.0.*]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.1,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-06-24T19:00:06.720145+00:00", "updated": "2026-06-26T02:45:16.425821+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-266", "CWE-284"]}