Linux Kernel IPvlan Uninitialized Value Vulnerability in Outbound IPv6 Processing

Vulnerability

A vulnerability in the Linux kernel's IPvlan networking component was identified, where the function 'ipvlan_process_v6_outbound()' incorrectly assumed that the IPv6 network header was fully available in the socket buffer's head. This oversight could lead to the use of uninitialized data, as the header may not have been properly pulled into the linear part of the socket buffer. The issue was addressed by adding the necessary 'pskb_network_may_pull()' calls for both IPv4 and IPv6 handlers, ensuring that the network headers are correctly processed before being used.

Impact

Exploitation of this vulnerability could lead to the use of uninitialized values in the IPv6 address handling, potentially causing incorrect routing decisions or other unintended behavior in network packet processing.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel IPvlan Uninitialized Value Vulnerability in Outbound IPv6 Processing

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating