Impact
A potential use‑after‑free (UAF) vulnerability was discovered in the Linux kernel’s IPv6 handling, specifically within the icmpv6_rcv() function. The flaw arises when source and destination addresses are cached before the pskb_pull() operation, which can relocate skb->head and lead to a dangling pointer. If an attacker can trigger the incorrect inference, they could corrupt kernel memory or gain arbitrary code execution on the host, thereby compromising system integrity and enabling privilege escalation.
Affected Systems
All Linux kernel implementations that include the standard IPv6 stack, as the fix is part of the Linux kernel repository. The vulnerability applies to any kernel version prior to the commit that removed the temporary variables; no specific affected revision list is supplied.
Risk and Exploitability
it is inferred that a network‑based attack via crafted ICMPv6 packets can exploit the UAF. This use‑after‑free flaw can corrupt kernel memory or enable code execution with kernel privileges. The CVSS score of 9.8 indicates high severity for the flaw. The EPSS score is less than 1 very low but nonzero exploitation probability. The vulnerability is not listed in CISA’s KEV catalog, so no additional mitigation is known. An attacker who successfully exploits the flaw could gain arbitrary code execution, potentially compromising or disabling the affected system.
OpenCVE Enrichment
Debian DLA