ipv6: fix possible UAF in icmpv6_rcv()_CVE-2026-53006

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix possible UAF in icmpv6_rcv()

Caching saddr and daddr before pskb_pull() is problematic
since skb->head can change.

Remove these temporary variables:

- We only access &ipv6_hdr(skb)->saddr and &ipv6_hdr(skb)->daddr
when net_dbg_ratelimited() is called in the slow path.

- Avoid potential future misuse after pskb_pull() call.

AI Analysis

Use-after-free vulnerability in the Linux kernel's ipv6_rcv function, allowing remote attackers to potentially execute arbitrary code or cause a denial of service.

Basic Information

ID CVE-2026-53006

Source Linux

Published Jun 24, 2026 at 16:29

Modified Jun 28, 2026 at 06:37

Affected Product

Vendor Linux

Product Linux

Version 4b3418fba0fe819197e3359d5ddbef84ba2c59de

Affected Versions Linux Linux 4b3418fba0fe819197e3359d5ddbef84ba2c59de
Linux Linux 4b3418fba0fe819197e3359d5ddbef84ba2c59de
Linux Linux 4b3418fba0fe819197e3359d5ddbef84ba2c59de
Linux Linux 4b3418fba0fe819197e3359d5ddbef84ba2c59de
Linux Linux 4b3418fba0fe819197e3359d5ddbef84ba2c59de
Linux Linux 4b3418fba0fe819197e3359d5ddbef84ba2c59de
Linux Linux 4b3418fba0fe819197e3359d5ddbef84ba2c59de
Linux Linux 4b3418fba0fe819197e3359d5ddbef84ba2c59de
Linux Linux 4.4

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Linux

Product Linux Kernel

Version 4.4, 4b3418fba0fe819197e3359d5ddbef84ba2c59de

References

{
    "lastseen": "",
    "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible UAF in icmpv6_rcv()\n\nCaching saddr and daddr before pskb_pull() is problematic\nsince skb->head can change.\n\nRemove these temporary variables:\n\n- We only access &ipv6_hdr(skb)->saddr and &ipv6_hdr(skb)->daddr\n  when net_dbg_ratelimited() is called in the slow path.\n\n- Avoid potential future misuse after pskb_pull() call.",
    "published": "2026-06-24T16:29:17.691Z",
    "modified": "2026-06-28T06:37:57.367Z",
    "type": "cve",
    "title": "ipv6: fix possible UAF in icmpv6_rcv()",
    "source": "Linux",
    "references": "https://git.kernel.org/stable/c/7bff2c8fe5c35ae58bf73104f53db3676e6e5d94\nhttps://git.kernel.org/stable/c/aff0f28f5be803de2452ce702631c021fcd9ce8a\nhttps://git.kernel.org/stable/c/38bdbc897c0d83a3e2b925a51b69420f1feba29a\nhttps://git.kernel.org/stable/c/0069813e6ca9309eca78022bcb3aeb1e9ef90a12\nhttps://git.kernel.org/stable/c/1e1f0f89ee4692a64be3f3707ff8ac1ae57b03e7\nhttps://git.kernel.org/stable/c/7c66b368c6ff453f99cb39d84af93e908e51eef2\nhttps://git.kernel.org/stable/c/085e31a811ef234ef8c3e219c4636dfebfe7e10f\nhttps://git.kernel.org/stable/c/f996edd7615e686ada141b7f3395025729ff8ccb",
    "id": "CVE-2026-53006",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Linux Linux 4b3418fba0fe819197e3359d5ddbef84ba2c59de\nLinux Linux 4b3418fba0fe819197e3359d5ddbef84ba2c59de\nLinux Linux 4b3418fba0fe819197e3359d5ddbef84ba2c59de\nLinux Linux 4b3418fba0fe819197e3359d5ddbef84ba2c59de\nLinux Linux 4b3418fba0fe819197e3359d5ddbef84ba2c59de\nLinux Linux 4b3418fba0fe819197e3359d5ddbef84ba2c59de\nLinux Linux 4b3418fba0fe819197e3359d5ddbef84ba2c59de\nLinux Linux 4b3418fba0fe819197e3359d5ddbef84ba2c59de\nLinux Linux 4.4",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Linux",
    "version": "4b3418fba0fe819197e3359d5ddbef84ba2c59de",
    "vendor": "Linux",
    "ai_description": "Use-after-free vulnerability in the Linux kernel's ipv6_rcv function, allowing remote attackers to potentially execute arbitrary code or cause a denial of service.",
    "ai_severity": "Critical",
    "ai_vendor": "Linux",
    "ai_product": "Linux Kernel",
    "ai_version": "4.4, 4b3418fba0fe819197e3359d5ddbef84ba2c59de",
    "ai_score": 9.8
}