CVE Catalog

CVE-2026-49412

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile — higher than 1% of all known CVEs

Summary

In the kernel handler for IPV6_MSFILTER, a use-after-free vulnerability exists. The handler drops a serializing lock while copying the source-filter list from userspace, then reacquires the lock. During this window, another thread can free the multicast filter structure, leaving the handler with a stale pointer to freed memory.

Risk Assessment

An unprivileged local user can exploit this use-after-free to escalate privileges, potentially leading to full system compromise.

Recommendation

Apply the security patch provided by the operating system kernel vendor immediately. If a patch is unavailable, restrict local access to trusted users only.

Original NVD description (English source)

The kernel handler for IPV6_MSFILTER dropped a serializing lock in order to copy the source-filter list from userspace, then reacquired the lock. During this window another thread could free the multicast filter structure, leaving the handler with a stale pointer to freed memory. An unprivileged local user can exploit this use-after-free to escalate privileges.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS