🟠 High | Source: Microsoft Security Response Center
CVE-2026-46320 is a memory management vulnerability in the Linux kernel’s TAP (network tap) driver, specifically in the tap_get_user_xdp() function, where a page is incorrectly freed on certain error paths. This type of use-after-free or double-free bug can potentially be exploited to corrupt kernel memory, leading to privilege escalation or system instability. The issue is relevant to Azure environments where Linux-based virtual machines or containerised workloads rely on TAP/XDP networking interfaces.
Security Architect’s Take: Review your Azure Linux VM and container workloads that use TAP interfaces or XDP-accelerated networking, and prioritise applying the relevant kernel patch once available via your distribution’s update channel or Azure’s platform update mechanism. Until patched, consider restricting untrusted workloads from accessing TAP devices where possible.
Original advisory: CVE-2026-46320 tap: free page on error paths in tap_get_user_xdp()