<0.1% probability · 11.9th percentile — 2026-05-12
Affected versions
Unpatched Linux kernel versions with vulnerable IPv6 implementation
Summary
This vulnerability exists in the Linux kernel's IPv6 sendmsg ancillary-data processing path. A mismatch between a 16-bit length accumulator and the destination options header pointer allows a local attacker to trigger an overflow that leads to a kernel panic. Successful exploitation results in denial of service, and the potential for privilege escalation cannot be ruled out.
Remediation
Apply the latest official Linux kernel security update that resolves this issue. Test the patch on non-production systems before deploying to production environments. If immediate patching is not possible, restrict local access by untrusted users on affected systems.