🟠 High  |  Source: Microsoft Security Response Center


CVE-2026-46321 is a kernel-level vulnerability in the Linux TUN/TAP network driver, specifically within the tun_xdp_one() function, where a memory page is not freed when a short frame is rejected during XDP (eXpress Data Path) processing. This can lead to a memory leak, and depending on the context, may be exploitable to cause denial of service or contribute to privilege escalation in virtualised or containerised Linux environments. Azure workloads running Linux VMs or containers may be affected if the underlying kernel is vulnerable.
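The leak pattern described above, as an added userland model that is not the kernel's code and not taken from the advisory: a receive handler that takes ownership of a page and returns on the short-frame reject path without releasing it, next to a version that frees on every exit. The 14-byte minimum (one Ethernet header), the 4096-byte page size and all `model_*`/`rx_one_*` names are assumptions for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>

#define MODEL_PAGE_SIZE 4096
#define MODEL_MIN_FRAME 14      /* assumed minimum: one Ethernet header */

static long pages_outstanding;  /* pages allocated and not yet freed */

static void *model_alloc_page(void) {
    void *p = malloc(MODEL_PAGE_SIZE);
    if (p) pages_outstanding++;
    return p;
}

static void model_free_page(void *p) {
    if (p) { free(p); pages_outstanding--; }
}

/* Before: the reject path returns without releasing the page it was handed. */
static int rx_one_leaky(void *page, size_t len) {
    if (len < MODEL_MIN_FRAME)
        return -EINVAL;         /* page is never freed on this path */
    model_free_page(page);      /* stands in for normal consumption of the frame */
    return 0;
}

/* After: every exit path releases the page the function took ownership of. */
static int rx_one_fixed(void *page, size_t len) {
    int ret = (len < MODEL_MIN_FRAME) ? -EINVAL : 0;
    model_free_page(page);
    return ret;
}

/* Feed n frames of the given length; return pages still outstanding afterwards. */
static long leaked_after(int (*rx)(void *, size_t), int n, size_t len) {
    pages_outstanding = 0;
    for (int i = 0; i < n; i++) {
        void *page = model_alloc_page();
        if (page) rx(page, len);
    }
    return pages_outstanding;
}

int main(void) {
    printf("leaky, 1000 short frames: %ld pages\n", leaked_after(rx_one_leaky, 1000, 8));
    printf("fixed, 1000 short frames: %ld pages\n", leaked_after(rx_one_fixed, 1000, 8));
    return 0;
}
```

The outstanding-page counter is the same check a reviewer or a regression test would apply to any error path that receives an owned buffer: the count must return to zero whether the frame is accepted or rejected.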

Security Architect’s Take: Review Linux kernel versions in use across Azure Linux VMs, AKS node pools, and any container hosts, and apply vendor-supplied kernel patches promptly. Prioritise workloads with untrusted network input or multi-tenant exposure, where a memory leak in the TUN driver could be leveraged for denial of service.

Original advisory: CVE-2026-46321 tun: free page on short-frame rejection in tun_xdp_one()