CVE-2026-52909 PUBLISHED

ip6_vti: set netns_immutable on the fallback device.

Assigner: Linux
Reserved: 09.06.2026 Published: 19.06.2026 Updated: 19.06.2026

In the Linux kernel, the following vulnerability has been resolved:

ip6_vti: set netns_immutable on the fallback device.

john1988 and Noam Rathaus reported that vti6_init_net() does not set the netns_immutable flag on the per-netns fallback tunnel device (ip6_vti0).

Other similar tunnel drivers (like ip6_tunnel, sit, ip6_gre, and ip_tunnel) correctly set this flag during their fallback device initialization to prevent them from being moved to another network namespace.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 61220ab349485d911083d0b7990ccd3db6c63297 to ecf8904067dcba0dad86ece80874841e60317885 (excl.) affected from 61220ab349485d911083d0b7990ccd3db6c63297 to dcdce3bc9f08026ff3739ee7339e1bef526fc5f3 (excl.) affected from 61220ab349485d911083d0b7990ccd3db6c63297 to d289d5307762d1838aaece22c6b6fcad9e8865f9 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 3.15 is affected unaffected from 0 to 3.15 (excl.) unaffected from 6.18.36 to 6.18.* (incl.) unaffected from 7.0.13 to 7.0.* (incl.) unaffected from 7.1 to * (incl.)

CVE-2026-52909 PUBLISHED

ip6_vti: set netns_immutable on the fallback device.

Product Status

References