CVE-2026-52978 - Vulnerability Details - OpenCVE

In the Linux kernel, the following vulnerability has been resolved: net: psp: require admin permission for dev-set and key-rotate The dev-set and key-rotate netlink operations modify shared device state (PSP version configuration and cryptographic key material, respectively) but do not require CAP_NET_ADMIN. The only access control is psp_dev_check_access() which merely verifies netns membership.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products

References

Link	Providers
https://git.kernel.org/stable/c/aa1a08a4632af5d1117779e7ff0e32e3c69f29bd
https://git.kernel.org/stable/c/b718342a7fbaa2dff5fefc31988c07af8c6cbc21
https://git.kernel.org/stable/c/fb88a8c86109edb15971481e3de816a8bfdfe571

History

Wed, 24 Jun 2026 19:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-284

Wed, 24 Jun 2026 17:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: psp: require admin permission for dev-set and key-rotate The dev-set and key-rotate netlink operations modify shared device state (PSP version configuration and cryptographic key material, respectively) but do not require CAP_NET_ADMIN. The only access control is psp_dev_check_access() which merely verifies netns membership.
Title		net: psp: require admin permission for dev-set and key-rotate
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/aa1a08a4632af5d1117779e7ff0e32e3c69f29bd https://git.kernel.org/stable/c/b718342a7fbaa2dff5fefc31988c07af8c6cbc21 https://git.kernel.org/stable/c/fb88a8c86109edb15971481e3de816a8bfdfe571

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-24T16:28:54.809Z

Updated: 2026-06-24T16:28:54.809Z

Reserved: 2026-06-09T07:44:35.376Z

Link: CVE-2026-52978

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T19:00:06Z

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-52978", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.376Z", "datePublished": "2026-06-24T16:28:54.809Z", "dateUpdated": "2026-06-24T16:28:54.809Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-24T16:28:54.809Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: psp: require admin permission for dev-set and key-rotate\n\nThe dev-set and key-rotate netlink operations modify shared device\nstate (PSP version configuration and cryptographic key material,\nrespectively) but do not require CAP_NET_ADMIN. The only access\ncontrol is psp_dev_check_access() which merely verifies netns\nmembership."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["Documentation/netlink/specs/psp.yaml", "net/psp/psp-nl-gen.c"], "versions": [{"version": "00c94ca2b99e6610e483f92e531b319eeaed94aa", "lessThan": "aa1a08a4632af5d1117779e7ff0e32e3c69f29bd", "status": "affected", "versionType": "git"}, {"version": "00c94ca2b99e6610e483f92e531b319eeaed94aa", "lessThan": "fb88a8c86109edb15971481e3de816a8bfdfe571", "status": "affected", "versionType": "git"}, {"version": "00c94ca2b99e6610e483f92e531b319eeaed94aa", "lessThan": "b718342a7fbaa2dff5fefc31988c07af8c6cbc21", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["Documentation/netlink/specs/psp.yaml", "net/psp/psp-nl-gen.c"], "versions": [{"version": "6.18", "status": "affected"}, {"version": "0", "lessThan": "6.18", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.33", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.10", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "6.18.33"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "7.0.10"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.18", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/aa1a08a4632af5d1117779e7ff0e32e3c69f29bd"}, {"url": "https://git.kernel.org/stable/c/fb88a8c86109edb15971481e3de816a8bfdfe571"}, {"url": "https://git.kernel.org/stable/c/b718342a7fbaa2dff5fefc31988c07af8c6cbc21"}], "title": "net: psp: require admin permission for dev-set and key-rotate", "x_generator": {"engine": "bippy-1.2.0"}}}}