CVE-2026-45932 PUBLISHED

bpf: Fix tcx/netkit detach permissions when prog fd isn't given

Assigner: Linux
Reserved: 13.05.2026 Published: 27.05.2026 Updated: 27.05.2026

In the Linux kernel, the following vulnerability has been resolved:

bpf: Fix tcx/netkit detach permissions when prog fd isn't given

This commit fixes a security issue where BPF_PROG_DETACH on tcx or netkit devices could be executed by any user when no program fd was provided, bypassing permission checks. The fix adds a capability check for CAP_NET_ADMIN or CAP_SYS_ADMIN in this case.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from e420bed025071a623d2720a92bc2245c84757ecb to 4e0772cded109c238411f2fac36ac39302758b81 (excl.) affected from e420bed025071a623d2720a92bc2245c84757ecb to 3f04cc1e5374da4c5e791ae010a06cfea7bacbe6 (excl.) affected from e420bed025071a623d2720a92bc2245c84757ecb to ae23bc81ddf7c17b663c4ed1b21e35527b0a7131 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 6.6 is affected unaffected from 0 to 6.6 (excl.) unaffected from 6.18.14 to 6.18.* (incl.) unaffected from 6.19.4 to 6.19.* (incl.) unaffected from 7.0 to * (incl.)

CVE-2026-45932 PUBLISHED

bpf: Fix tcx/netkit detach permissions when prog fd isn't given

Product Status

References