Linux Kernel Destination Reference Loop Vulnerability in IPv6 Lightweight Tunnels

Vulnerability

A vulnerability in the Linux kernel's handling of IPv6 lightweight tunnels can lead to destination reference loops. This issue arises when a lightweight tunnel's destination cache retains a reference to the tunnel itself, preventing the tunnel's state from being properly released. The problem was identified by the 'ioam6.sh' test, which discovered a per-CPU memory leak that could potentially be exploited. While it's unclear if the 'rpl' and 'seg6' tunnels can trigger this vulnerability, the possibility exists.

Impact

Exploitation of this vulnerability can cause memory leaks by creating reference loops that prevent the proper cleanup of tunnel states, potentially leading to increased memory usage and degradation of system performance.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Destination Reference Loop Vulnerability in IPv6 Lightweight Tunnels

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating