PatchSiren cyber security CVE debrief

CVE-2026-45917 Linux CVE debrief

A race condition in the Linux kernel's IP Virtual Server (IPVS) subsystem can lead to leaked device references when network interfaces are brought down. The vulnerability exists in the interaction between the `ip_vs_dst_event()` netdev notifier and code that caches destination routes (`dest_dst`) with devices that are shutting down. Because the Forwarding Information Base (FIB) may be notified about a closed device after the IPVS handler completes, a valid route can be returned and cached, resulting in a reference to the device being held until the destination is removed. The fix adds a `netif_running()` check to prevent new `dest_dst` attachments when a device is closing, ensuring the notifier handler does not race with device teardown.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Organizations running Linux kernels with IPVS enabled for load balancing, particularly cloud providers, hosting providers, and enterprises using Linux Virtual Server (LVS) for high-availability services. Systems with dynamic network interface configuration changes are at elevated risk.

Technical summary

The vulnerability is a race condition in `net/netfilter/ipvs/ip_vs_ctl.c` where `ip_vs_dst_event()` (a netdev notifier) competes with code caching `dest_dst` structures. When a network device is brought down, the FIB notification may arrive after IPVS has processed the down event, allowing a valid route to be cached with a device that is closing. This leaks a reference to the device until the destination is removed. The mitigation adds `netif_running()` checks to prevent attaching new `dest_dst` entries when the device is not running, closing the race window.
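The following is an added, constructed user-space model of the leak and of the fix described above; it is not kernel code and not the actual patch. The names `dst_event_down`, `attach_unpatched`, `attach_patched` and `leaked_refs_after_race` are hypothetical, and the device refcount and `running` flag stand in for `dev_hold()`/`dev_put()` and `netif_running()`. It shows why a late route lookup that succeeds after the notifier has already run leaves one device reference dangling, and why a guard on the device's running state at attach time closes that window without blocking attachment on a healthy device.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model (not kernel code) of a net_device with a held-reference
 * count and the state that netif_running() would report. */
struct net_device {
    int refcnt;     /* stands in for dev_hold()/dev_put() */
    bool running;   /* stands in for netif_running() */
};

/* Constructed model of an IPVS destination holding a cached route (dest_dst). */
struct ip_vs_dest {
    struct net_device *dst_dev; /* device pinned by the cached route, or NULL */
};

/* Models the NETDEV_DOWN path of the ip_vs_dst_event() notifier: mark the
 * device as no longer running and drop any cached route that pins it. */
static void dst_event_down(struct ip_vs_dest *dest, struct net_device *dev)
{
    dev->running = false;
    if (dest->dst_dev == dev) {
        dest->dst_dev = NULL;
        dev->refcnt--;              /* dev_put() */
    }
}

/* Models a FIB lookup that still returns a route via `dev`, which is the
 * situation the advisory describes: the FIB has not yet learned the device
 * is closing, so the lookup succeeds even though the notifier already ran. */
static struct net_device *fib_lookup(struct net_device *dev)
{
    return dev;
}

/* Unpatched behaviour: cache whatever route the lookup returns. */
static bool attach_unpatched(struct ip_vs_dest *dest, struct net_device *dev)
{
    struct net_device *rt_dev = fib_lookup(dev);
    if (dest->dst_dev != NULL)
        return false;               /* already cached */
    dest->dst_dev = rt_dev;
    rt_dev->refcnt++;               /* dev_hold() */
    return true;
}

/* Patched behaviour: refuse to cache a route on a device that is not running,
 * which is the netif_running() guard the fix adds. */
static bool attach_patched(struct ip_vs_dest *dest, struct net_device *dev)
{
    struct net_device *rt_dev = fib_lookup(dev);
    if (!rt_dev->running)
        return false;               /* device is closing: do not pin it */
    if (dest->dst_dev != NULL)
        return false;
    dest->dst_dev = rt_dev;
    rt_dev->refcnt++;
    return true;
}

/* Replays the race: a route is cached while the device is up, the notifier
 * runs for NETDEV_DOWN, and then a late attach happens after the notifier has
 * finished. Returns the references still held on the device afterwards; any
 * non-zero value is the leak, which in the kernel would persist until the
 * destination itself is removed. */
static int leaked_refs_after_race(bool patched)
{
    struct net_device dev = { .refcnt = 0, .running = true };
    struct ip_vs_dest dest = { .dst_dev = NULL };

    if (patched)
        attach_patched(&dest, &dev);
    else
        attach_unpatched(&dest, &dev);      /* refcnt == 1 while up */

    dst_event_down(&dest, &dev);            /* notifier drops it: refcnt == 0 */

    if (patched)
        attach_patched(&dest, &dev);        /* guard rejects: stays 0 */
    else
        attach_unpatched(&dest, &dev);      /* re-pins closing device: 1 */

    return dev.refcnt;
}

/* Sanity check that the guard does not interfere with a device that is up. */
static bool attach_allowed_when_running(void)
{
    struct net_device dev = { .refcnt = 0, .running = true };
    struct ip_vs_dest dest = { .dst_dev = NULL };
    return attach_patched(&dest, &dev) && dev.refcnt == 1;
}

int main(void)
{
    printf("unpatched: %d leaked device ref(s)\n", leaked_refs_after_race(false));
    printf("patched:   %d leaked device ref(s)\n", leaked_refs_after_race(true));
    printf("guard allows attach on running device: %s\n",
           attach_allowed_when_running() ? "yes" : "no");
    return 0;
}
```

The point the model makes is that clearing the cache in the notifier is not enough on its own, because the attach path can run after the notifier and take a fresh reference; the guard has to sit on the attach side, where the reference is taken.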

Defensive priority

medium

Recommended defensive actions

  • Apply kernel patches from stable branches when available for your distribution
  • Monitor kernel stable releases for backports to affected long-term support (LTS) kernels
  • Review systems using IPVS (IP Virtual Server) for load balancing, particularly those with dynamic network interface changes
  • Consider network namespace isolation to limit blast radius of kernel networking bugs
  • Enable kernel lockdown and secure boot where supported to prevent unauthorized kernel module loading

Evidence notes

CVE published 2026-05-27. NVD status: Awaiting Analysis. No CVSS score assigned. Kernel.org stable branch commits provided as references.

Official resources

2026-05-27