CVE-2026-52978

EUVD-2026-38846
In the Linux kernel, the following vulnerability has been resolved:

net: psp: require admin permission for dev-set and key-rotate

The dev-set and key-rotate netlink operations modify shared device
state (PSP version configuration and cryptographic key material,
respectively) but do not require CAP_NET_ADMIN. The only access
control is psp_dev_check_access() which merely verifies netns
membership.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.170-3
fixed
bookworm (security)
6.1.174-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.257-1
fixed
forky
7.0.12-2
fixed
sid
7.0.13-1
fixed
trixie
6.12.86-1
fixed
trixie (security)
6.12.94-1
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/aa1a08a4632af5d1117779e7ff0e32e3c69f29bd
https://git.kernel.org/stable/c/b718342a7fbaa2dff5fefc31988c07af8c6cbc21
https://git.kernel.org/stable/c/fb88a8c86109edb15971481e3de816a8bfdfe571