Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A use-after-free vulnerability has been addressed in the Linux kernel's IPv6 address management. The issue arose in the 'addrconf_permanent_addr' function, where a warning about an exceptional condition was delayed, allowing access to an IPv6 address after it could have been deleted. This vulnerability affects the Linux kernel stable group.
Exploitation of this vulnerability could lead to a use-after-free condition, potentially allowing for memory corruption or other unintended behavior.
The vulnerability can be reproduced by triggering the 'addrconf_permanent_addr' function with an IPv6 address marked as permanent. The function will process the address, but if an exceptional condition occurs, it will attempt to delete the address after the warning has already been issued, creating a use-after-free scenario.
Users can upgrade to the latest version of the Linux kernel stable group, where this vulnerability has been fixed.
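The ordering problem in the description, a warning that reads the address after the point where it may already have been deleted, shown as an added userspace model (not kernel code and not taken from the fix). `struct addr_entry`, `entry_put`, `entry_addr` and both `fixup_failed_*` functions are hypothetical names, and release is simulated with a `live` flag and a poison fill so the stale read can be observed without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>
/* Constructed userspace model, not kernel code; all names are hypothetical. */
struct addr_entry {
    char addr[40]; /* textual IPv6 address */
    int refcnt;    /* entry is released when this drops to 0 */
    int live;      /* cleared on release; stands in for freed memory */
};
static int stale_reads; /* reads of an entry after its release */

static void entry_init(struct addr_entry *e, const char *addr, int refs) {
    *e = (struct addr_entry){ .refcnt = refs, .live = 1 };
    snprintf(e->addr, sizeof e->addr, "%s", addr);
}

/* Drop one reference; on the last one, poison the contents (0x6b is 'k'). */
static void entry_put(struct addr_entry *e) {
    if (--e->refcnt > 0) return;
    memset(e->addr, 0x6b, sizeof e->addr - 1);
    e->live = 0;
}

static const char *entry_addr(const struct addr_entry *e) {
    if (!e->live) stale_reads++;
    return e->addr;
}

/* Late warning: the entry is deleted first, then read to build the message. */
static void fixup_failed_warn_late(struct addr_entry *e, char *msg, size_t n) {
    entry_put(e);
    snprintf(msg, n, "could not fix up %s", entry_addr(e));
}

/* Safe ordering: build the message while the reference is still held. */
static void fixup_failed_warn_first(struct addr_entry *e, char *msg, size_t n) {
    snprintf(msg, n, "could not fix up %s", entry_addr(e));
    entry_put(e);
}

int main(void) {
    struct addr_entry e;
    char msg[80];
    entry_init(&e, "2001:db8::1", 1); /* constructed sample address */
    fixup_failed_warn_late(&e, msg, sizeof msg);
    printf("late:  %s (stale reads: %d)\n", msg, stale_reads);
    entry_init(&e, "2001:db8::1", 1);
    fixup_failed_warn_first(&e, msg, sizeof msg);
    printf("first: %s\n", msg);
    return 0;
}
```

In this model the late ordering only misbehaves when the delete drops the last reference; with a second holder the same code logs the correct address, which is why this class of bug can pass testing.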