CVE-2026-53259

CVE-2026-53259 describes a Linux kernel slab-use-after-free in ipv6_acaddr handling. The bug occurs in the ipv6 anycast path where an aca (ipv6_acaddr) is published to idev->ac_list under idev->lock but inserted into the global inet6_acaddr_lst hash after unlock, allowing a concurrent teard...

CVE-2026-53259

In the Linux kernel, the following vulnerability has been resolved: ipv6: anycast: insert aca into global hash under idev-lock syzbot reported a splat 1: a slab-use-after-free in ipv6chkacastaddr, which walks the global inet6acaddrlst hash under RCU and dereferences a struct ifacaddr6 that has...

EUVD-2026-28623

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UaF in addrconfpermanentaddr The mentioned helper try to warn the user about an exceptional condition, but the message is delivered too late, accessing the ipv6 after its possible deletion. Reorder the...

CVE-2022-48785 ipv6: mcast: use rcu-safe version of ipv6_get_lladdr()

In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: use rcu-safe version of ipv6getlladdr Some time ago 8965779d2c0e "ipv6,mcast: always hold idev-lock before mcalock" switched ipv6getlladdr to ipv6getlladdr, which is rcu-unsafe version. That was OK, because idev-lock...