Bug 2490789 (CVE-2026-52909)

Summary: CVE-2026-52909 kernel: ip6_vti: set netns_immutable on the fallback device
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: rhel-process-autobot, watson-tool-maintainers
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in the Linux kernel, specifically within the IPv6 Virtual Tunnel Interface (ip6_vti) component. This vulnerability occurs because a critical flag, netns_immutable, is not properly set on a specific network device (ip6_vti0) when it is initialized. This oversight could allow the device to be moved between different network environments (network namespaces) within the system. Such unauthorized movement might lead to unexpected network configurations or potential security issues.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-06-19 15:02:15 UTC 
In the Linux kernel, the following vulnerability has been resolved:

ip6_vti: set netns_immutable on the fallback device.

john1988 and Noam Rathaus reported that vti6_init_net() does not set the
netns_immutable flag on the per-netns fallback tunnel device (ip6_vti0).

Other similar tunnel drivers (like ip6_tunnel, sit, ip6_gre, and ip_tunnel)
correctly set this flag during their fallback device initialization to
prevent them from being moved to another network namespace.
Comment 1 Keith Grant 2026-06-22 13:31:23 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026061933-CVE-2026-52909-253f@gregkh/T