CVE Catalog

CVE-2026-53006

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

29th percentile — higher than 29% of all known CVEs

Summary

A vulnerability was found in the Linux kernel's icmpv6_rcv() function for IPv6. Caching source and destination addresses before calling pskb_pull() can lead to a use-after-free (UAF) because pskb_pull() may change the skb->head pointer.

Risk Assessment

An attacker could exploit this vulnerability to gain unauthorized access to kernel memory, potentially leading to privilege escalation or data leakage.

Recommendation

It is recommended to immediately update the Linux kernel to a version containing the fix that removes temporary variables and ensures safe references to the IPv6 header.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in icmpv6_rcv() Caching saddr and daddr before pskb_pull() is problematic since skb->head can change. Remove these temporary variables: - We only access &ipv6_hdr(skb)->saddr and &ipv6_hdr(skb)->daddr when net_dbg_ratelimited() is called in the slow path. - Avoid potential future misuse after pskb_pull() call.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS