CVE-2026-49412
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
In the kernel handler for IPV6_MSFILTER, a use-after-free vulnerability exists. The handler drops a serializing lock while copying the source-filter list from userspace, then reacquires the lock. During this window, another thread can free the multicast filter structure, leaving the handler with a stale pointer to freed memory.
Risk Assessment
An unprivileged local user can exploit this use-after-free to escalate privileges, potentially leading to full system compromise.
Recommendation
Apply the security patch provided by the operating system kernel vendor immediately. If a patch is unavailable, restrict local access to trusted users only.
Original NVD description (English source)
The kernel handler for IPV6_MSFILTER dropped a serializing lock in order to copy the source-filter list from userspace, then reacquired the lock. During this window another thread could free the multicast filter structure, leaving the handler with a stale pointer to freed memory. An unprivileged local user can exploit this use-after-free to escalate privileges.

