CVE-2026-43339

Published: May 8, 2026Modified: May 15, 2026

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (Secondary)

Description

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UaF in addrconf_permanent_addr() The mentioned helper try to warn the user about an exceptional condition, but the message is delivered too late, accessing the ipv6 after its possible deletion. Reorder the statement to avoid the possible UaF; while at it, place the warning outside the idev->lock as it needs no protection.

Affected (14)

Products: Linux: Linux Kernel

Linux

1 product

Linux Kernel

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 4.6 to 5.10.253
Linux Linux Kernel	From 5.11 to 5.15.203
Linux Linux Kernel	From 5.16 to 6.1.168
Linux Linux Kernel	From 6.13 to 6.18.22
Linux Linux Kernel	From 6.19 to 6.19.12
Linux Linux Kernel	From 6.2 to 6.6.134
Linux Linux Kernel	From 6.7 to 6.12.81
Linux Linux Kernel	Version 7.0 rc1
Linux Linux Kernel	Version 7.0 rc2
Linux Linux Kernel	Version 7.0 rc3
Linux Linux Kernel	Version 7.0 rc4
Linux Linux Kernel	Version 7.0 rc5
Linux Linux Kernel	Version 7.0 rc6
Linux Linux Kernel	Version 7.0 rc7