Impact
In the Linux kernel the handling of MLD queries contains a use‑after‑free bug. A pointer to the multicast group address is stored in a packet structure during initial parsing and later dereferenced without reloading, after the skb may have been reallocated by pskb_may_pull() calls. This memory corruption can trigger a KASAN error and ultimately provide an attacker with a way to crash the kernel or execute arbitrary code. The weakness is a classic use‑after‑free (CWE‑825).
Affected Systems
All Linux kernel implementations that do not include the patch, regardless of distribution, are affected. No specific version ranges are listed in the advisory; therefore, any kernel that predates the fix is considered vulnerable.
Risk and Exploitability
The likely attack vector is a crafted MLD query sent over the network, as inferred from the description. The EPSS score is < 1% and the CVSS score is 8.8, classifying it as a high‑severity kernel use‑after‑free. The vulnerability is not listed in CISA’s KEV catalog, but the nature of the memory corruption could allow an attacker to crash the kernel or gain kernel‑level execution. Without a patch, the likelihood of active exploitation remains uncertain, though the potential impact is significant.
OpenCVE Enrichment
Debian DLA