Medium severity5.5NVD Advisory· Published Apr 30, 2026· Updated May 6, 2026
CVE-2026-31692
CVE-2026-31692
Description
In the Linux kernel, the following vulnerability has been resolved:
rtnetlink: add missing netlink_ns_capable() check for peer netns
rtnl_newlink() lacks a CAP_NET_ADMIN capability check on the peer network namespace when creating paired devices (veth, vxcan, netkit). This allows an unprivileged user with a user namespace to create interfaces in arbitrary network namespaces, including init_net.
Add a netlink_ns_capable() check for CAP_NET_ADMIN in the peer namespace before allowing device creation to proceed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
16cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=2.6.33,<6.18.24
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*
- osv-coords8 versionspkg:apk/chainguard/linux-aws-6.12pkg:apk/chainguard/linux-aws-6.18pkg:apk/chainguard/linux-azure-6.12pkg:apk/chainguard/linux-azure-6.18pkg:apk/chainguard/linux-gcp-6.18pkg:apk/chainguard/linux-qemu-6.18pkg:apk/chainguard/linux-vmware-6.12pkg:apk/chainguard/linux-vmware-6.18
< 6.12.85-r2+ 7 more
- (no CPE)range: < 6.12.85-r2
- (no CPE)range: < 6.18.31-r0
- (no CPE)range: < 6.12.85-r2
- (no CPE)range: < 6.18.31-r0
- (no CPE)range: < 6.18.31-r0
- (no CPE)range: < 6.18.24-r3
- (no CPE)range: < 6.12.85-r2
- (no CPE)range: < 6.18.31-r0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.