3.3
CVE-2026-46057
- EPSS 0.12%
- Veröffentlicht 27.05.2026 12:57:16
- Zuletzt bearbeitet 16.06.2026 14:54:00
- Quelle 416baaa9-dc9f-4396-8d5f-8c081f
- CVE-Watchlists
- Unerledigt
landlock: Fix LOG_SUBDOMAINS_OFF inheritance across fork()
In the Linux kernel, the following vulnerability has been resolved: landlock: Fix LOG_SUBDOMAINS_OFF inheritance across fork() hook_cred_transfer() only copies the Landlock security blob when the source credential has a domain. This is inconsistent with landlock_restrict_self() which can set LOG_SUBDOMAINS_OFF on a credential without creating a domain (via the ruleset_fd=-1 path): the field is committed but not preserved across fork() because the child's prepare_creds() calls hook_cred_transfer() which skips the copy when domain is NULL. This breaks the documented use case where a process mutes subdomain logs before forking sandboxed children: the children lose the muting and their domains produce unexpected audit records. Fix this by unconditionally copying the Landlock credential blob.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 6.15 < 6.18.27
Linux ≫ Linux Kernel Version >= 6.19 < 7.0.4
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.02 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
https://git.kernel.org/stable/c/2fcde49092aac55d5beef43fdd3633217672f7d1
https://git.kernel.org/stable/c/1c513b8a00df13d231021e74ad92babb3fedf64a
https://git.kernel.org/stable/c/874c8f83826c95c62c21d9edfe9ef43e5c346724