SB20260425191 - Use-after-free in Linux kernel ipv6



SB20260425191 - Use-after-free in Linux kernel ipv6

Published: April 25, 2026

Security Bulletin ID SB20260425191
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Local access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Use-after-free (CVE-ID: CVE-2026-31680)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to a use-after-free in ip6fl_seq_show() when reading /proc/net/ip6_flowlabel concurrently with flowlabel release. A local user can trigger concurrent access to dereference freed option state and cause a denial of service.

The issue occurs because the flowlabel remains reachable through the global hash table under RCU after its option state has been freed.


Remediation

Install update from vendor's website.