Linux Kernel IPv6 Multicast Reference Management Vulnerability

Vulnerability

A use-after-free in the Linux kernel's IPv6 multicast (MLD) code has been fixed. The bug is in the mld_del_delrec() function, which tears down a deferred multicast record for an interface. That record holds a reference on the interface's multicast data (its per-interface IPv6 device data), and the function released that reference before its last use of the data. Whenever the release dropped the final reference, the access that followed read or wrote freed memory. The fix is an ordering change: the reference is released only after the last use. Several Linux kernel versions carry the affected code; the exact affected and fixed ranges are those published by your kernel vendor or distribution.
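The ordering mistake, modelled in user space as an added example (this is not the kernel's code: the idev and delrec structures, idev_put(), delrec_clear_src() and the "record holds the last reference" scenario are constructed stand-ins for the real structures, the real reference drop and the cleanup step that follows it). The vulnerable routine drops the reference first and then touches the object through the record; the fixed routine does the same work in the safe order.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical user-space model of the reference-count ordering bug.
 * "idev" stands in for the per-interface IPv6 device data and "delrec"
 * for the deferred multicast record that holds a reference to it; neither
 * is the kernel's real structure. */
struct idev {
    int refcnt;
    bool freed;     /* set once the last reference is dropped (memory is "gone") */
    int groups;     /* per-interface multicast state touched by the record */
};

struct delrec {
    struct idev *idev;   /* reference owned by the record */
    int sources;
};

static int uaf_count;   /* accesses to a "freed" idev seen in the current run */

static struct idev *idev_alloc(void)
{
    struct idev *d = calloc(1, sizeof *d);
    if (!d)
        abort();
    d->refcnt = 1;      /* initial reference: the interface itself */
    return d;
}

static void idev_hold(struct idev *d)
{
    d->refcnt++;
}

/* Drop a reference. When it was the last one the kernel would free the
 * object; here the memory is kept so that a later access can be detected
 * and counted instead of being undefined behaviour. */
static void idev_put(struct idev *d)
{
    if (--d->refcnt == 0) {
        d->freed = true;
        d->groups = -1;     /* poison, as a freed-memory allocator might */
    }
}

static void idev_touch(struct idev *d)
{
    if (d->freed)
        uaf_count++;        /* this is the use-after-free */
    d->groups--;            /* some update of per-interface state */
}

/* Clearing the record's sources reaches back through pmc->idev. */
static void delrec_clear_src(struct delrec *pmc)
{
    idev_touch(pmc->idev);
    pmc->sources = 0;
}

/* Vulnerable ordering: the reference is released, then pmc->idev is used. */
static void del_delrec_vulnerable(struct delrec *pmc)
{
    idev_put(pmc->idev);
    delrec_clear_src(pmc);
    free(pmc);
}

/* Fixed ordering: every use of pmc->idev completes before the release. */
static void del_delrec_fixed(struct delrec *pmc)
{
    delrec_clear_src(pmc);
    idev_put(pmc->idev);
    free(pmc);
}

/* Constructed scenario: the interface has already dropped its own reference,
 * so the record's reference is the last one. Returns the number of
 * use-after-free accesses observed with the given deletion routine. */
static int run_scenario(void (*del)(struct delrec *))
{
    struct idev *d = idev_alloc();                 /* refcnt 1 (interface) */
    struct delrec *pmc = calloc(1, sizeof *pmc);
    if (!pmc)
        abort();
    pmc->idev = d;
    idev_hold(d);                                  /* refcnt 2 (record) */
    pmc->sources = 3;
    idev_put(d);                                   /* interface goes away: 1 */

    uaf_count = 0;
    del(pmc);                                      /* record's ref is the last */
    int seen = uaf_count;
    free(d);                                       /* model memory released */
    return seen;
}

int main(void)
{
    printf("vulnerable ordering: %d use-after-free access(es)\n",
           run_scenario(del_delrec_vulnerable));
    printf("fixed ordering:      %d use-after-free access(es)\n",
           run_scenario(del_delrec_fixed));
    return 0;
}
```

The model keeps the "freed" object allocated so the stale access is counted rather than crashing; in the kernel the same access lands on memory the allocator may already have handed to someone else, which is what makes the ordering of put-then-use dangerous and the use-then-put ordering the fix.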

Impact

A use-after-free in kernel context. The freed memory can be reallocated and reused before the stale access, so the outcome ranges from a kernel crash (denial of service) to memory corruption that, as with other kernel use-after-free bugs, may be usable for privilege escalation. Exercising the bug requires the ability to change IPv6 multicast membership on an interface, which is a local operation.

Reproduction

Reaching the bug means churning IPv6 multicast membership on an interface: adding and removing multicast addresses in the order that leaves a deferred record for a group and then removes that record through mld_del_delrec(). From userspace the iproute2 ip utility drives this with 'ip -6 maddr add <group> dev <iface>' and 'ip -6 maddr del <group> dev <iface>' (both need CAP_NET_ADMIN). On a kernel built with KASAN the invalid access is reported as a use-after-free with a stack trace through mld_del_delrec(); on a production kernel the symptom is a crash or silent corruption, so a KASAN build is the practical way to confirm a reproduction.

Remediation

Upgrade to a kernel release that contains the mld_del_delrec() fix, or to a distribution kernel that has backported it, and confirm the running version with 'uname -r' against the vendor's advisory. Because the fix is a small reordering inside one function, it is a straightforward candidate for backporting to maintained stable branches.

Added: Aug 16, 2025, 12:23 PM
Updated: Aug 16, 2025, 12:23 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.