CVE-2026-53006 PUBLISHED

ipv6: fix possible UAF in icmpv6_rcv()

Assigner: Linux
Reserved: 09.06.2026 Published: 24.06.2026 Updated: 28.06.2026

In the Linux kernel, the following vulnerability has been resolved:

ipv6: fix possible UAF in icmpv6_rcv()

Caching saddr and daddr before pskb_pull() is problematic since skb->head can change.

Remove these temporary variables:

We only access &ipv6_hdr(skb)->saddr and &ipv6_hdr(skb)->daddr when net_dbg_ratelimited() is called in the slow path.
Avoid potential future misuse after pskb_pull() call.

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

CVSS 3.1

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from 4b3418fba0fe819197e3359d5ddbef84ba2c59de to 7bff2c8fe5c35ae58bf73104f53db3676e6e5d94 (excl.) affected from 4b3418fba0fe819197e3359d5ddbef84ba2c59de to aff0f28f5be803de2452ce702631c021fcd9ce8a (excl.) affected from 4b3418fba0fe819197e3359d5ddbef84ba2c59de to 38bdbc897c0d83a3e2b925a51b69420f1feba29a (excl.) affected from 4b3418fba0fe819197e3359d5ddbef84ba2c59de to 0069813e6ca9309eca78022bcb3aeb1e9ef90a12 (excl.) affected from 4b3418fba0fe819197e3359d5ddbef84ba2c59de to 1e1f0f89ee4692a64be3f3707ff8ac1ae57b03e7 (excl.) affected from 4b3418fba0fe819197e3359d5ddbef84ba2c59de to 7c66b368c6ff453f99cb39d84af93e908e51eef2 (excl.) affected from 4b3418fba0fe819197e3359d5ddbef84ba2c59de to 085e31a811ef234ef8c3e219c4636dfebfe7e10f (excl.) affected from 4b3418fba0fe819197e3359d5ddbef84ba2c59de to f996edd7615e686ada141b7f3395025729ff8ccb (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 4.4 is affected unaffected from 0 to 4.4 (excl.) unaffected from 5.10.258 to 5.10.* (incl.) unaffected from 5.15.209 to 5.15.* (incl.) unaffected from 6.1.175 to 6.1.* (incl.) unaffected from 6.6.141 to 6.6.* (incl.) unaffected from 6.12.91 to 6.12.* (incl.) unaffected from 6.18.33 to 6.18.* (incl.) unaffected from 7.0.10 to 7.0.* (incl.) unaffected from 7.1 to * (incl.)