Impact
A use‑after‑free flaw exists in the FreeBSD kernel IPv6 multicast filtering code. The kernel releases a serialized lock while copying a list of source filters from user space, then re‑acquires the lock. During this interval another thread may free the multicast filter structure, leaving the kernel with a stale pointer that can be dereferenced. The flaw allows any unprivileged local user to trigger an access to freed memory and potentially gain root privileges.
Affected Systems
FreeBSD operating systems running the kernel with the IPV6_MSFILTER socket option enabled are affected. The issue is present in all current releases of the FreeBSD kernel that have not yet been patched by the vendor.
Risk and Exploitability
The vulnerability provides a local privilege escalation path. With a CVSS score of 7.8, it is considered a high severity issue. The EPSS score of <1% indicates a low exploitation probability. As it is not listed in the CISA KEV catalog, there are no known active exploits in the wild. Successful exploitation would give an attacker full control of the host.
OpenCVE Enrichment