PT-2026-53062 · Undefined · Undefined
Published
2026-06-27
·
Updated
2026-06-27
·
CVE-2026-49412
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
The kernel handler for IPV6 MSFILTER dropped a serializing lock in order to copy the source-filter list from userspace, then reacquired the lock. During this window another thread could free the multicast filter structure, leaving the handler with a stale pointer to freed memory.
An unprivileged local user can exploit this use-after-free to escalate privileges.
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Undefined