CVE-2026-53006
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix possible UAF in icmpv6_rcv()
Caching saddr and daddr before pskb_pull() is problematic since skb->head can change.
Remove these temporary variables:
We only access &ipv6_hdr(skb)->saddr and &ipv6_hdr(skb)->daddr when net_dbg_ratelimited() is called in the slow path.
Avoid potential future misuse after pskb_pull() call.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 4b3418fba0fe819197e3359d5ddbef84ba2c59de < 7bff2c8fe5c35ae58bf73104f53db3676e6e5d94 | affected |
| Linux | Linux | 4b3418fba0fe819197e3359d5ddbef84ba2c59de < aff0f28f5be803de2452ce702631c021fcd9ce8a | affected |
| Linux | Linux | 4b3418fba0fe819197e3359d5ddbef84ba2c59de < 38bdbc897c0d83a3e2b925a51b69420f1feba29a | affected |
| Linux | Linux | 4b3418fba0fe819197e3359d5ddbef84ba2c59de < 0069813e6ca9309eca78022bcb3aeb1e9ef90a12 | affected |
| Linux | Linux | 4b3418fba0fe819197e3359d5ddbef84ba2c59de < 1e1f0f89ee4692a64be3f3707ff8ac1ae57b03e7 | affected |
| Linux | Linux | 4b3418fba0fe819197e3359d5ddbef84ba2c59de < 7c66b368c6ff453f99cb39d84af93e908e51eef2 | affected |
| Linux | Linux | 4b3418fba0fe819197e3359d5ddbef84ba2c59de < 085e31a811ef234ef8c3e219c4636dfebfe7e10f | affected |
| Linux | Linux | 4b3418fba0fe819197e3359d5ddbef84ba2c59de < f996edd7615e686ada141b7f3395025729ff8ccb | affected |
| Linux | Linux | 4.4 | affected |
| Linux | Linux | 0 < 4.4 | unaffected |
| Linux | Linux | 5.10.258 <= 5.10.* | unaffected |
| Linux | Linux | 5.15.209 <= 5.15.* | unaffected |
| Linux | Linux | 6.1.175 <= 6.1.* | unaffected |
| Linux | Linux | 6.6.141 <= 6.6.* | unaffected |
| Linux | Linux | 6.12.91 <= 6.12.* | unaffected |
| Linux | Linux | 6.18.33 <= 6.18.* | unaffected |
| Linux | Linux | 7.0.10 <= 7.0.* | unaffected |
| Linux | Linux | 7.1 <= * | unaffected |
Weaknesses
ADP Enrichment
kernel: ipv6: fix possible UAF in icmpv6_rcv()
Additional References
- https://access.redhat.com/security/cve/CVE-2026-53006
- https://bugzilla.redhat.com/show_bug.cgi?id=2492363
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53006.json
References
- https://git.kernel.org/stable/c/7bff2c8fe5c35ae58bf73104f53db3676e6e5d94
- https://git.kernel.org/stable/c/aff0f28f5be803de2452ce702631c021fcd9ce8a
- https://git.kernel.org/stable/c/38bdbc897c0d83a3e2b925a51b69420f1feba29a
- https://git.kernel.org/stable/c/0069813e6ca9309eca78022bcb3aeb1e9ef90a12
- https://git.kernel.org/stable/c/1e1f0f89ee4692a64be3f3707ff8ac1ae57b03e7
- https://git.kernel.org/stable/c/7c66b368c6ff453f99cb39d84af93e908e51eef2
- https://git.kernel.org/stable/c/085e31a811ef234ef8c3e219c4636dfebfe7e10f
- https://git.kernel.org/stable/c/f996edd7615e686ada141b7f3395025729ff8ccb
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.