Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A use-after-free vulnerability has been identified in the Linux kernel's IPv6 address management. This issue arises in the 'inet6_addr_del' function, where the 'ipv6_del_addr' call for temporary addresses was incorrectly positioned. As a result, the function attempted to delete an address before verifying its status, leading to a use-after-free condition. This vulnerability was reported by syzbot and is present in the Linux kernel stable tree.
Triggering this use-after-free results in kernel memory corruption, which can lead to arbitrary code execution.
The vulnerability can be reproduced by adding a temporary IPv6 address to an interface and then removing it. The 'inet6_addr_del' function will be called, which will trigger the use-after-free condition by accessing the address after it has been freed.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.