The kernel handler for IPV6_MSFILTER dropped a serializing lock in order to copy the source-filter list from userspace, then reacquired the lock. During this window another thread could free the multicast filter structure, leaving the handler with a stale pointer to freed memory.
An unprivileged local user can exploit this use-after-free to escalate privileges.
CVSS
No CVSS.
References
Configurations
No configuration.
History
27 Jun 2026, 09:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Information
Published : 2026-06-27 09:16
Updated : 2026-06-27 09:16
NVD link : CVE-2026-49412
Mitre link : CVE-2026-49412
CVE.ORG link : CVE-2026-49412
Products Affected
No product.
CWE
CWE-416
Use After Free
