CVE-2026-43472

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description An issue exists in the handling of unshare fs() within the unshare(2) system call. When CLONE NEWNS is present in the flags and current->fs has not been shared, copy mnt ns() receives current->fs instead of a private copy. If CLONE NEWCGROUP is also used and a subsequent operation like copy cgroup ns() fails (for example, due to -ENOMEM), the process is left with current->fs->root and current->fs->pwd pointing to detached isolated mounts. This occurs because the namespace created by copy mnt ns() is destroyed and its mount tree dissolved, but the pointers remain, leaving the calling process in an inconsistent state.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.