CVE-2026-46057 Linux CVE debrief

Who should care

Organizations using Landlock sandboxing with audit log muting, security teams monitoring Linux kernel LSM behavior, and developers implementing privilege separation patterns that rely on LOG_SUBDOMAINS_OFF persistence across process creation

Technical summary

The Landlock Linux Security Module (LSM) contains a logic error in hook_cred_transfer() where the credential blob copy is conditional on domain presence. When landlock_restrict_self() sets LOG_SUBDOMAINS_OFF via the ruleset_fd=-1 path, no domain is created, so the flag is committed but not preserved across fork(). The fix unconditionally copies the Landlock credential blob, ensuring LOG_SUBDOMAINS_OFF inheritance matches documented behavior.

Defensive priority

medium

Recommended defensive actions

• Review Landlock-enabled applications that use LOG_SUBDOMAINS_OFF muting before fork() to ensure they are running patched kernels
• Audit unexpected subdomain audit log generation in sandboxed child processes as a potential indicator of this bug
• Apply kernel updates containing the referenced stable commits when available through distribution channels
• Verify that processes relying on landlock_restrict_self() with ruleset_fd=-1 for log muting behave correctly after fork() on patched systems

Evidence notes

The vulnerability description and fix are drawn from the CVE record published 2026-05-27. The issue affects Landlock's credential inheritance path specifically when LOG_SUBDOMAINS_OFF is set without an associated domain. Three kernel.org stable commits are referenced as source material. No CVSS score or severity has been assigned by NVD as of the modified date (2026-05-27T14:48:03Z).

Official resources