CVE-2026-31683
Received Received - Intake
Buffer Overflow in Linux batman-adv Due to OGM Aggregation

Publication date: 2026-04-25

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: batman-adv: avoid OGM aggregation when skb tailroom is insufficient When OGM aggregation state is toggled at runtime, an existing forwarded packet may have been allocated with only packet_len bytes, while a later packet can still be selected for aggregation. Appending in this case can hit skb_put overflow conditions. Reject aggregation when the target skb tailroom cannot accommodate the new packet. The caller then falls back to creating a new forward packet instead of appending.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-25
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-04-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31683
Affected Vendors & Products
Showing 11 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel 7.0
linux linux_kernel From 6.2 (inc) to 6.6.130 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.203 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.167 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.78 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.20 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.10 (exc)
linux linux_kernel From 2.6.38 (inc) to 5.10.253 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's batman-adv module related to OGM (Originator Message) aggregation. When the OGM aggregation state is changed at runtime, a forwarded packet may have been allocated with only enough space for its current length. However, a later packet might still be selected for aggregation, which requires appending data. If the allocated buffer (skb tailroom) is insufficient to accommodate the appended data, this can cause an overflow condition in skb_put.

The fix involves rejecting aggregation when the target skb tailroom cannot hold the new packet, forcing the system to create a new forward packet instead of appending to the existing one.

Impact Analysis

This vulnerability can lead to a buffer overflow condition in the Linux kernel's networking code, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or cause denial of service by exploiting the overflow.

Mitigation Strategies

The vulnerability has been resolved by rejecting aggregation when the target skb tailroom cannot accommodate the new packet, causing the caller to create a new forward packet instead of appending.

To mitigate this vulnerability immediately, ensure your Linux kernel is updated to a version that includes this fix for batman-adv.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31683. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart