MNBSD-2026-23: use-after-free in IP/IPv6 multicast source filter handling

Severity: Unknown

Affected Package: kernel

Summary: use-after-free in IP/IPv6 multicast source filter handling

Description

IP_MSFILTER and IPV6_MSFILTER processing dropped the INP lock while holding pointers into mutable socket multicast membership data, creating a use-after-free race. Fixed by copying the source filter arrays before operating on socket multicast state. Ports the FreeBSD SA-26:29 ip6_multicast fix.

Affected Versions

kernel

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2026-49412

Published: June 11, 2026
Last Modified: June 11, 2026