CVE-2026-52909

In the Linux kernel, the following vulnerability has been resolved:

ip6 vti: set netns immutable on the fallback device.

john1988 and Noam Rathaus reported that vti6 init net() does not set the netns immutable flag on the per-netns fallback tunnel device (ip6 vti0).

Other similar tunnel drivers (like ip6 tunnel, sit, ip6 gre, and ip tunnel) correctly set this flag during their fallback device initialization to prevent them from being moved to another network namespace.