A high-severity vulnerability, identified as CVE-2025-21759, has been discovered in the Linux kernel. It allows a potential use-after-free (UAF) condition caused by improper handling in the IPv6 multicast code (the `ipv6: mcast` subsystem), specifically in the igmp6_send() function. The severity is rated 7.8 under the CVSS 3.1 scoring system, indicating a serious risk to the confidentiality, integrity, and availability of affected systems.
The risk to organizations includes possible exploitation by local attackers, which could lead to unauthorized access to or manipulation of system resources. The vulnerability is particularly concerning because the affected code can run without RTNL or RCU being held, creating a window for potential malicious actions.
Organizations should prioritize patching immediately to mitigate risks associated with this flaw. The urgency for defenders is high given the potential for local exploitation and the critical nature of the vulnerability.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
