CVE-2026-52978
Received Received - Intake
BaseFortify

Publication date: 2026-06-24

Last updated on: 2026-06-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: net: psp: require admin permission for dev-set and key-rotate The dev-set and key-rotate netlink operations modify shared device state (PSP version configuration and cryptographic key material, respectively) but do not require CAP_NET_ADMIN. The only access control is psp_dev_check_access() which merely verifies netns membership.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-24
Last Modified
2026-06-24
Generated
2026-06-25
AI Q&A
2026-06-24
EPSS Evaluated
N/A
NVD
CVE-2026-52978
EUVD
EUVD-2026-38846
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's net subsystem, specifically related to the PSP (Platform Security Processor) feature. The issue is that certain netlink operations, namely dev-set and key-rotate, which modify shared device state such as PSP version configuration and cryptographic key material, do not require the CAP_NET_ADMIN capability for execution.

Instead, the only access control in place is psp_dev_check_access(), which only verifies network namespace membership, not administrative privileges. This means that unprivileged users within the same network namespace could potentially perform sensitive operations that should require administrative rights.

Impact Analysis

Because the dev-set and key-rotate operations can be executed without proper administrative permissions, an attacker or unprivileged user within the same network namespace could modify critical device state or cryptographic keys.

This could lead to unauthorized changes in security configurations or cryptographic material, potentially compromising the security of the system or the confidentiality and integrity of communications relying on these keys.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-52978. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart