CVE-2026-43339
Use-After-Free in Linux Kernel IPv6 Networking
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's IPv6 implementation, specifically in the function addrconf_permanent_addr(). It is a possible use-after-free (UAF): the code warns the user about an exceptional condition, but the warning message is emitted too late, so it accesses IPv6 data after that data may have been deleted.
The fix reorders the statements to avoid the use-after-free and moves the warning message outside of a lock that it did not need for protection.
How can this vulnerability impact me?
A use-after-free vulnerability can lead to undefined behavior such as system crashes or data corruption, or can potentially allow an attacker to execute arbitrary code with kernel privileges. In this case, since it affects the Linux kernel's IPv6 address configuration, it could impact system stability or security when handling IPv6 addresses.