Improper access control in Linux kernel - CVE-2026-45932
Published: May 28, 2026
Vulnerability identifier: #VU132553
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-45932
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to bypass permission checks.
The vulnerability exists due to improper access control in BPF_PROG_DETACH for tcx or netkit devices when detaching a program without providing a program file descriptor. A local user can invoke the detach operation without the required capability checks to bypass permission checks.
The issue occurs only when no program file descriptor is supplied to the detach operation.
How to mitigate CVE-2026-45932
Install security update from vendor's repository.