GHSA-f2fg-xhhc-4m4wCriticalCVSS 9.8

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in...

Published
June 24, 2026
Last Modified
June 28, 2026

🔗 CVE IDs covered (1)

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix possible UAF in icmpv6_rcv()

Caching saddr and daddr before pskb_pull() is problematic since skb->head can change.

Remove these temporary variables:

  • We only access &ipv6_hdr(skb)->saddr and &ipv6_hdr(skb)->daddr when net_dbg_ratelimited() is called in the slow path.

  • Avoid potential future misuse after pskb_pull() call.

🔗 References (10)