HIGH · CVE-2026-43339 · CNA: Linux
CVE-2026-43339: ipv6: prevent possible UaF in addrconf_permanent_addr()
In the Linux kernel, the following vulnerability has been resolved:

ipv6: prevent possible UaF in addrconf_permanent_addr()

The mentioned helper tries to warn the user about an exceptional condition, but the message is delivered too late, accessing the ipv6 after its possible deletion.

Reorder the statement to avoid the possible UaF; while at it, place the warning outside the idev->lock as it needs no protection.
Metrics
- CVSS v3.1: 7.8
- Severity: HIGH
- Fixed in: 0
- Affected Products: 2
Fix available
Affected packages
- Linux / Linux: < eec49a33611f20336b357b3953df44f1a02049e8 (from f1705ec197e705b79ea40fe7a2cc5acfa1d3bfac) · < bacc7f31085c9820922f00bc7d79756ffa13123a (from f1705ec197e705b79ea40fe7a2cc5acfa1d3bfac) · < 7bfafa1b0cd582983ebec6bb20f0a435528fe567 (from f1705ec197e705b79ea40fe7a2cc5acfa1d3bfac) · < 7d9f2f4aabd116ca68fbdab5d8fb8dac74c2ea1e (from f1705ec197e705b79ea40fe7a2cc5acfa1d3bfac) · < 25357b670afb5b517096da783abaa5cc4bf8359e (from f1705ec197e705b79ea40fe7a2cc5acfa1d3bfac) · < 3cd4efb5df72843dfac892d0b3c7a4a8bd926b65 (from f1705ec197e705b79ea40fe7a2cc5acfa1d3bfac)
- Linux / Linux 4.6 · Fixed in 0, 5.10.253, 5.15.203, 6.1.168, 6.6.134, 6.12.81, 6.18.22, 6.19.12, 7.0
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H