A flaw was found in the Linux kernel prior to version 5.3.4. Affected code was introduced in a recent patch of fib6_rule_lookup in net/ipv6/ip6_fib.c in the IPv6 subsystem of the kernel which was found to mishandle the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to a crash. Availability is the highest threat from this vulnerability.
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.