Use-after-free in Linux kernel - CVE-2026-53259
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local attacker to cause a denial of service.
The vulnerability exists due to a use-after-free in ipv6 anycast address handling in net/ipv6/anycast.c when racing anycast address insertion and device teardown. A local attacker can trigger concurrent anycast join and teardown operations to cause a denial of service.
The issue occurs because a freed ifacaddr6 object can remain linked in the global inet6_acaddr_lst[] hash and later be dereferenced by readers under RCU.