CVE-2026-45932
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
A vulnerability in the Linux kernel has been fixed that allowed BPF_PROG_DETACH on tcx or netkit devices to be executed by any user when no program fd was provided. The fix adds a capability check for CAP_NET_ADMIN or CAP_SYS_ADMIN.
Risk Assessment
This vulnerability could lead to unauthorized access to network management functions, posing a risk to system integrity. Organizations could be exposed to attacks that might affect the security of their infrastructure.
Recommendation
It is recommended to update the Linux kernel to the latest version to eliminate this vulnerability. Additionally, an audit of user permissions in the system should be conducted.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix tcx/netkit detach permissions when prog fd isn't given This commit fixes a security issue where BPF_PROG_DETACH on tcx or netkit devices could be executed by any user when no program fd was provided, bypassing permission checks. The fix adds a capability check for CAP_NET_ADMIN or CAP_SYS_ADMIN in this case.

