Image: Massimiliano Oldani
Security researcher Massimiliano Oldani has published IPV6_FRAG_ESCAPE, a working proof-of-concept for an IPv6 container escape on CentOS and RHEL 10. The exploit details and PoC code are now public. The chain turns an unprivileged process inside an isolated container into a root shell on the host.
TL;DR
IPV6_FRAG_ESCAPE abuses a now-patched IPv6 fragmentation bug in the Linux kernel. The flaw sits in __ip6_append_data() and corrupts a packet's own skb_shared_info. Oldani released the full chain publicly, and no CVE has been assigned.
Why this IPv6 container escape matters
Container isolation is a core security boundary, and this bug breaks it. An attacker who already runs code inside a container can break out to a root shell on the host.
Furthermore, the PoC needs nothing more than unprivileged user namespaces, which many CentOS Stream 10 and RHEL 10 systems enable by default. As a result, the exposed population is large on multi-tenant and cloud hosts, where untrusted code routinely runs inside containers.
How the attack works
The bug is an in-slab linear overflow. It writes past the end of a packet's linear data buffer and into the skb_shared_info structure that the kernel keeps immediately after it, at the tail of the same allocation, so the corrupted metadata belongs to the very packet the attacker sent.
From there, the chain escalates step by step. First, the overflow flips one control byte and triggers a page use-after-free. Next, the freed page returns as a leaf page table, which yields arbitrary kernel read and write. Finally, the exploit rewrites process credentials and abuses core_pattern to spawn a root shell on the host.
Notably, the LinkedIn write-up documents the mechanism but withholds the trigger: it explains the concept without shipping a turnkey weapon. You can read the full analysis in his LinkedIn breakdown of the escape.
Tested targets
Oldani confirmed the escape on two builds: CentOS Stream 10 on kernel 6.12.0-242.el10 and RHEL 10 on kernel 6.12.0-228.el10. Both reached host root.
Affected versions
The PoC targets CentOS Stream 10 and RHEL 10 on the 6.12.x kernel line, and it assumes 5-level paging and the default init_on_alloc setting. The author also notes that other kernels may be exploitable with a different technique in the future.
Patch and mitigation
The upstream fix landed on 16 June 2026 as commit 736b380e28d0. It corrects the fragmentation arithmetic on the paged allocation path. The first step is therefore to update to a kernel that carries this fix. Note that RHEL backports fixes without changing the 6.12.0 base version, so check the kernel package changelog or the errata for the fix rather than comparing version numbers alone.
If you cannot patch right away, restrict user namespaces. Setting user.max_user_namespaces=0 blocks the documented path. Be aware that this limit applies to every new user namespace, not only unprivileged ones, so it also breaks legitimate users such as rootless containers; test it before rolling it out broadly. The full PoC and exploitation notes sit in Oldani's public GitHub repository.
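The following triage and mitigation helper is an added example for this article, not code from Oldani's write-up or repository. It assumes a Linux host with the usual /proc interfaces. Because the article gives only the upstream commit and no fixed package version, the script reports whether the host is on the 6.12.x el10 kernel line the PoC was tested against, whether user namespace creation is currently blocked, and whether the CPU advertises the la57 (5-level paging) extension; it does not decide whether the fix is present, and the sysctl.d file name is a conventional choice, not something the page specifies.

```shell
#!/bin/sh
# IPV6_FRAG_ESCAPE triage helper (added example, not Oldani's code).
# Assumptions: Linux host, readable /proc; run as root to apply the mitigation.

# Return 0 when a kernel release string is on the 6.12.x el10 line the PoC
# was tested on (e.g. "6.12.0-228.el10.x86_64"), 1 otherwise. Being on this
# line does NOT mean the host is vulnerable: RHEL backports the fix under the
# same base version, so the package changelog/errata must be checked too.
on_targeted_kernel_line() {
    case "$1" in
        6.12.*el10*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Return 0 when the value in FILE (default: the live sysctl) is 0, meaning
# creation of new user namespaces is blocked. Returns 2 if unreadable.
userns_blocked() {
    file="${1:-/proc/sys/user/max_user_namespaces}"
    [ -r "$file" ] || return 2
    val=$(tr -d '[:space:]' < "$file")
    [ "$val" = "0" ]
}

# Return 0 when the CPU flag list (default: live /proc/cpuinfo) advertises
# la57, the 5-level paging extension the article lists as a precondition.
# Whether the kernel actually enabled 5-level paging is not checked here.
la57_present() {
    file="${1:-/proc/cpuinfo}"
    [ -r "$file" ] || return 2
    grep -qw la57 "$file"
}

# Apply the interim mitigation from the article (blocks ALL new user
# namespaces, including rootless containers) and persist it across reboots.
# The drop-in path is a conventional choice, not taken from the page.
block_user_namespaces() {
    sysctl -w user.max_user_namespaces=0
    printf 'user.max_user_namespaces = 0\n' > /etc/sysctl.d/99-block-userns.conf
}

triage() {
    rel=$(uname -r)
    printf 'kernel: %s\n' "$rel"
    if on_targeted_kernel_line "$rel"; then
        echo "  on the 6.12.x el10 line the PoC was tested on; verify the fix via rpm -q --changelog kernel"
    fi
    userns_blocked
    case $? in
        0) echo "userns: blocked (user.max_user_namespaces=0)" ;;
        1) echo "userns: ALLOWED; documented path is open, run block_user_namespaces as root if you cannot patch" ;;
        *) echo "userns: could not read /proc/sys/user/max_user_namespaces" ;;
    esac
    la57_present
    case $? in
        0) echo "cpu: la57 present (5-level paging capable)" ;;
        1) echo "cpu: no la57" ;;
        *) echo "cpu: could not read /proc/cpuinfo" ;;
    esac
}

# Usage: sh ipv6_frag_triage.sh triage
if [ "${1:-}" = "triage" ]; then
    triage
fi
```

Run it with the `triage` argument to print the three checks; call `block_user_namespaces` separately, as root, only after confirming that nothing on the host depends on user namespaces.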
Exploitation status
A public proof-of-concept exists because the author released it himself. However, no in-the-wild exploitation of IPV6_FRAG_ESCAPE has been confirmed. Defenders should still patch quickly, since public code lowers the bar for attackers.