In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1928717]
This flaw is rated as having Low impact because of the need to have elevated privileges and both configuration with the usage of IPV6.
To mitigate this issue, prevent the module xfrm6_tunnel from being loaded.
Please see https://access.redhat.com/solutions/41278 for information on how to blacklist a kernel module to prevent it from loading automatically.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
This was fixed for Fedora with the 5.5.14 stable kernel updates.