PT-2026-44243 · Linux · Linux Kernel

Published

2026-05-28

·

Updated

2026-07-14

·

CVE-2026-46120

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)
Description A slab-use-after-free occurs in the ip6erspan changelink() function. The issue arises because the function uses dev net(dev) instead of the cached t->net, which causes the tunnel to be inserted into the incorrect per-netns hash after an IFLA NET NS FD migration. This results in a stale entry remaining in the original network namespace. When that namespace is destroyed, ip6gre exit rtnl net() processes the stale entry, leading to a kernel BUG in unregister netdevice many notify(). This can be reached by an unprivileged user namespace.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-46120
ECHO-B600-41BF-D837
OPENSUSE-SU-2026:10954-1
SUSE-SU-2026:22433-1
SUSE-SU-2026:22436-1
SUSE-SU-2026:22458-1
SUSE-SU-2026:22460-1
SUSE-SU-2026:2630-1
SUSE-SU-2026:2631-1
SUSE-SU-2026:2632-1
SUSE-SU-2026:2638-1
SUSE-SU-2026:2658-1
SUSE-SU-2026:2799-1
SUSE-SU-2026:2800-1
SUSE-SU-2026:2855-1
SUSE-SU-2026:2857-1
SUSE-SU-2026:2858-1
SUSE-SU-2026:2862-1
SUSE-SU-2026:2863-1
SUSE-SU-2026:2864-1
SUSE-SU-2026:2866-1
SUSE-SU-2026:2867-1
SUSE-SU-2026:2868-1
SUSE-SU-2026:2887-1
SUSE-SU-2026:2888-1
SUSE-SU-2026:2889-1
SUSE-SU-2026:2890-1
SUSE-SU-2026:2894-1
SUSE-SU-2026:2895-1
SUSE-SU-2026:2899-1
SUSE-SU-2026:2902-1
SUSE-SU-2026:2910-1
SUSE-SU-2026:2920-1
SUSE-SU-2026:2930-1
SUSE-SU-2026:2932-1
SUSE-SU-2026:2933-1
SUSE-SU-2026:2937-1
SUSE-SU-2026:2938-1
SUSE-SU-2026:2943-1
SUSE-SU-2026:2945-1
SUSE-SU-2026:2956-1
SUSE-SU-2026:2957-1
SUSE-SU-2026:2961-1
SUSE-SU-2026:2989-1
SUSE-SU-2026:2991-1
SUSE-SU-2026:2993-1

Affected Products

Linux Kernel