Disable IPv6 by setting either LinkLocalAddressing=ipv4 or
+
LinkLocalAddressing=no in the corresponding network configuration file.
Impact
+
A remote attacker is able to cause arbitrary code execution by advertising itself as a DHCPv6 server with a specially crafted server- id. A local attacker can escalate privileges with a specially crafted service or a crafted symlink.