A vulnerability does not need a CVE to become operationally urgent. It needs exposure, a working exploit path, and defenders waiting for a scanner rule that does not exist yet.
That is the awkward part of IPV6_FRAG_ESCAPE: a Linux kernel 6.12 bug with public proof-of-concept code, no CVE or CVSS score at disclosure time, and a path from an unprivileged process inside a container to root on the host.
TL;DR
- IPV6_FRAG_ESCAPE is a local privilege escalation in the Linux IPv6 packet assembly path, centered on
__ip6_append_data().- Public PoC code targets CentOS / RHEL 10-style 6.12 kernels and demonstrates container escape to host root under specific conditions.
- Traficom’s National Cyber Security Centre Finland warned on July 2, 2026 that the issue had no CVE or CVSS score and that exploitation had not been observed at that time.
- AlmaLinux 10 has a patched testing kernel:
kernel-6.12.0-211.28.2.el10_2or later. AlmaLinux 8 and 9 are not affected.- If you cannot patch immediately, evaluate disabling unprivileged user namespaces or enabling allocation zeroing, with clear awareness of the workload impact.
Why This Matters
Most vulnerability programs are built around identifiers. CVE appears, advisory lands, scanner signature updates, ticket gets created, patch window begins. IPV6_FRAG_ESCAPE arrived in a less convenient order.
The upstream Linux fix was already visible. A public PoC was published. AlmaLinux moved ahead with a backport. Finland’s NCSC issued a vulnerability advisory. But at the time of those advisories, there was no CVE identifier for many asset-management and vulnerability-scanning workflows to key on.
That makes the real question simple: do you know where you run Linux 6.12 kernels on container hosts, CI runners, shared developer systems, or multi-tenant platforms?
If the answer is “we wait for the scanner,” this is exactly the kind of bug that punishes that habit.
What The Bug Is
AlmaLinux describes the bug as an arithmetic error in __ip6_append_data(), a kernel function involved in assembling outgoing IPv6 packets. Under the vulnerable path, fragmented IPv6 traffic built through a UDP socket using MSG_SPLICE_PAGES can cause the kernel to undersize an allocation and write past the end of the socket buffer head into skb_shared_info.
That corruption matters because skb_shared_info tracks fragment metadata. The public exploit chain uses that corruption to build a page use-after-free, turn it into kernel read/write, manipulate credentials, weaken SELinux enforcement behavior, and escape through core_pattern into the host’s initial namespaces.
The exact exploit is not magic. It is a kernel memory-corruption chain with several environmental assumptions. The operational result is what defenders should focus on: code running as an unprivileged user inside a container can become root on the host when the target kernel and configuration match.
Affected Systems
The confirmed center of gravity is Enterprise Linux 10-family systems using the 6.12 kernel line.
| Platform | Status from current public sources |
|---|---|
| AlmaLinux 10 | Affected; patched kernel available in testing at kernel-6.12.0-211.28.2.el10_2 or later |
| AlmaLinux Kitten 10 | Affected; AlmaLinux advised temporary mitigation until a patched Kitten kernel ships |
| AlmaLinux 8 / 9 | Not affected according to AlmaLinux |
| CentOS Stream 10 | Vulnerable according to AlmaLinux’s analysis of the shared 6.12 code path |
| RHEL 10 | Vulnerable according to AlmaLinux and the public PoC scope; check Red Hat errata before relying on this as final vendor status |
The public PoC itself scopes testing to CentOS Stream 10 and RHEL 10-style kernels. It also documents prerequisites such as unprivileged user namespaces, five-level paging, world-readable BTF data, and CONFIG_INIT_ON_ALLOC_DEFAULT_ON being off. Those requirements limit copy-paste reliability, but they do not make the underlying bug harmless.
TuxCare’s analysis makes a useful defensive distinction: some systems may have the bug present while the current public technique is blocked or unreliable. Treat that as “needs vendor confirmation and patch tracking,” not “safe.”
Why CVE-Less Bugs Are Harder To Operate
No CVE means no stable handle. Your CMDB may not have a vulnerability record. Your exposure platform may not flag the host. Your patch dashboard may show green while the kernel still contains the vulnerable code.
This is where security operations has to switch from identifier-driven work to fact-driven work:
- Which systems run a 6.12 kernel derived from the affected Enterprise Linux 10 code path?
- Which of those systems run containers, CI jobs, shared shells, build workloads, or untrusted customer code?
- Which of those allow unprivileged user namespaces?
- Which can take an emergency kernel update and reboot?
- Which need a temporary mitigation because reboot timing is constrained?
For single-user workstations, the local-access requirement matters. For container platforms, it matters less. A compromised web app, malicious CI job, exposed notebook, or poisoned build step is already “local code execution” from the kernel’s point of view.
Detection And Triage
Do not expect a clean single event. Kernel LPE exploitation often looks like normal local activity until the final privilege transition.
Useful signals to correlate:
- Container or child process crashes followed by an unexpected privileged process on the host.
- Changes to
/proc/sys/kernel/core_pattern, especially values beginning with|. - Unusual creation of user namespaces on systems that should not need rootless containers or sandboxing.
- Suspicious access to
/sys/kernel/btf/vmlinuxfrom containerized workloads. - Sudden changes in SELinux denial behavior where enforcement still appears enabled.
For audit-based environments, start with namespace creation and core_pattern monitoring:
# Watch user namespace creation on x86_64-a always,exit -F arch=b64 -S clone -F a0&0x10000000 -k userns_create-a always,exit -F arch=b64 -S unshare -F a0&0x10000000 -k userns_create
# Watch writes to core_pattern-w /proc/sys/kernel/core_pattern -p wa -k core_pattern_changeTreat these as investigation leads, not proof of exploitation. The absence of these events is not proof that the host was safe during the exposure window.
If an affected container host ran untrusted or semi-trusted workloads while the vulnerable kernel was active, prioritize deeper review after patching. That review should include workload history, container runtime logs, unexpected privileged host processes, kernel logs around crashes, and any changes to host-level security policy.
What To Do Now
1. Identify exposed 6.12 kernels
uname -rrpm -q kernelPrioritize container hosts, CI runners, shared developer systems, jump boxes, and anything that runs code from users or pipelines you do not fully trust.
2. Patch and reboot
On AlmaLinux 10, AlmaLinux published a patched testing kernel:
sudo dnf install -y almalinux-release-testingsudo dnf update 'kernel*' --enablerepo=almalinux-testingsudo rebootAfter reboot:
uname -rrpm -q kernelLook for kernel-6.12.0-211.28.2.el10_2 or later on AlmaLinux 10. Do not treat “package installed” as fixed until the running kernel is the patched one.
3. Disable the testing repo after emergency use
sudo dnf config-manager --disable almalinux-testingLeaving a testing repository enabled on a production host can create a different reliability problem. Use it intentionally, then turn it off.
4. Use mitigation only as a stop-gap
AlmaLinux recommends disabling unprivileged user namespaces on systems that do not require them:
sudo sysctl -w user.max_user_namespaces=0echo 'user.max_user_namespaces = 0' | sudo tee /etc/sysctl.d/99-ipv6-frag-escape.confThis can break rootless Podman, unprivileged LXC, browser sandboxing assumptions, and some CI workloads. If those workloads matter, patching and rebooting is the cleaner answer.
TuxCare also points to init_on_alloc=1 as a way to block the current public technique on affected systems. That is a kernel boot setting, not a universal fix for the bug. Validate performance and workload impact before rolling it broadly.
The Defensive Lesson
IPV6_FRAG_ESCAPE is not a mass internet RCE. It is narrower and still serious: a container-boundary failure on a modern kernel line, with public exploit code and a disclosure sequence that outran normal CVE-first operations.
The right response is not panic. It is asset clarity. Find Linux 6.12 container hosts, patch the ones that can be patched, mitigate the ones that cannot, and do not wait for a CVE record to tell you whether host root from a container matters.
Related Posts
- pedit COW & DirtyClone: Two New Linux Root Exploits That Bypass On-Disk Integrity Checks - recent Linux kernel LPE chains where traditional integrity controls are weak.
- Dirty Frag & Copy Fail: Two New Linux Kernel Vulnerabilities Grant Root Privileges - context for Linux page and packet handling bugs turning into root.
- Linux Privilege Escalation: Attack Techniques and How to Detect Them - broader Linux post-exploitation and detection coverage.
- Kubernetes and Container Security: Attack Chains and Defenses - container isolation assumptions and hardening practices.
Sources
- Traficom NCSC-FI - Linux kernel 6.12-version critical vulnerability
- AlmaLinux - IPV6_FRAG_ESCAPE vulnerability fix: Call for testing
- sgkdev - IPV6_FRAG_ESCAPE proof of concept
- TuxCare - The IPv6 Fragmentation Flaw That Breaks Container Isolation Across EL10
- Linux upstream merge - account for fraggap on paged allocation paths