In the Linux kernel, the following vulnerability has been resolved:
landlock: Fix LOG_SUBDOMAINS_OFF inheritance across fork()
hook_cred_transfer() only copies the Landlock security blob when the source credential has a domain. This is inconsistent with landlock_restrict_self() which can set LOG_SUBDOMAINS_OFF on a credential without creating a domain (via the ruleset_fd=-1 path): the field is committed but not preserved across fork() because the child's prepare_creds() calls hook_cred_transfer() which skips the copy when domain is NULL.
This breaks the documented use case where a process mutes subdomain logs before forking sandboxed children: the children lose the muting and their domains produce unexpected audit records.
Fix this by unconditionally copying the Landlock credential blob.
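The conditional copy and its unconditional replacement can be compared in a small userspace model. This is an added example, not kernel source or code from the advisory; the struct layout, field names and helper functions are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only: struct layout and names are assumptions. */
struct ruleset { int id; };              /* stands in for a Landlock domain */

struct llcred {                          /* stands in for the Landlock cred blob */
    struct ruleset *domain;              /* NULL: task is not sandboxed */
    bool log_subdomains_off;             /* settable via the ruleset_fd=-1 path */
};

typedef void (*transfer_fn)(struct llcred *dst, const struct llcred *src);

/* Pre-fix behaviour: the blob is copied only when a domain exists. */
static void transfer_before_fix(struct llcred *dst, const struct llcred *src)
{
    if (src->domain)
        *dst = *src;
}

/* Post-fix behaviour: the blob is copied unconditionally. */
static void transfer_after_fix(struct llcred *dst, const struct llcred *src)
{
    *dst = *src;
}

/* Parent sets the mute flag (with or without a domain), then forks.
 * Returns true when the child's blob matches the parent's. */
static bool child_keeps_mute(transfer_fn transfer, bool sandboxed)
{
    struct ruleset dom = { .id = 1 };
    struct llcred parent = { sandboxed ? &dom : NULL, true };
    struct llcred child = { 0 };         /* modelled as a zeroed new blob */
    transfer(&child, &parent);
    return child.log_subdomains_off && child.domain == parent.domain;
}

int main(void)
{
    printf("variant     sandboxed  child keeps mute\n");
    for (int s = 0; s <= 1; s++) {
        printf("before fix  %-9d  %d\n", s, child_keeps_mute(transfer_before_fix, s));
        printf("after fix   %-9d  %d\n", s, child_keeps_mute(transfer_after_fix, s));
    }
    return 0;
}
```

Only the combination of the pre-fix transfer and a parent without a domain loses the flag, which matches the case the description singles out.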
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46057.json",
"cna_assigner": "Linux"
}