Linux Kernel IPv6 Multicast RCU Protection Vulnerability

Vulnerability

A vulnerability in the Linux kernel's IPv6 multicast handling has been addressed. The issue arose because the function 'mld_newpack()' could be called without the necessary RCU (Read-Copy-Update) or RTNL (Routing Netlink) protections. This vulnerability is present in the IPv6 IGMP (Internet Group Management Protocol) socket handling, which used allocations that could sleep, creating a potential for race conditions. The vulnerability has been resolved by adding RCU protection to 'mld_newpack()' and adjusting the socket allocation method to ensure proper synchronization.

Impact

Exploitation of this vulnerability could lead to race conditions in the IPv6 multicast handling, potentially causing unexpected behavior in network packet processing.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel IPv6 Multicast RCU Protection Vulnerability

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating