Linux · Linux Kernel · CVE-2024-56644
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 6.6.74
**Description**
A vulnerability in the Linux kernel's `net/ipv6` code has been resolved. When an ICMPv6 message announcing a changed path MTU is received, the kernel creates an exception dst for that route. If a TCP connection that routes its packets through that exception dst starts timing out, and the FIB6 garbage collector has not yet run when TCP calls `ip6_negative_advice()` for the already expired exception dst, the dst is leaked. The leak shows up as an unbalanced refcount reported for the loopback device when the owning net namespace is destroyed. The IPv4 counterpart, `ipv4_negative_advice()`, does not have this problem.
**Recommendations**
To resolve the issue, update to Linux kernel version 6.6.74 or later. As a temporary workaround, consider disabling the `ip6_negative_advice()` function until a patch is available. Restrict access to the vulnerable module `net/ipv6` to minimize the risk of exploitation. Avoid using the `dst_init()` and `dst_hold()` functions in the affected API endpoint until the issue is resolved.