CVE-2026-43472

In the Linux kernel, the following vulnerability has been resolved: unshare: fix unsharefs handling There's an unpleasant corner case in unshare2, when we have a CLONENEWNS in flags and current-fs hadn't been shared at all; in that case copymntns gets passed current-fs instead of a private copy,...

CVE-2026-43472

The CVE describes a Linux kernel unshare(2) bug: when CLONE_NEWNS is requested and current->fs wasn’t previously shared, copy_mnt_ns() could receive a non-private fs_struct. If copy_mnt_ns() succeeds but a subsequent copy_cgroup_ns() fails, the destroyed namespace can leave current->fs->...