CVE-2026-31683
Buffer Overflow in Linux batman-adv Due to OGM Aggregation
Publication date: 2026-04-25
Last updated on: 2026-04-27
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| batman-adv | batman-adv | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been resolved by rejecting aggregation when the target skb tailroom cannot accommodate the new packet, causing the caller to create a new forward packet instead of appending.
To mitigate this vulnerability immediately, ensure your Linux kernel is updated to a version that includes this fix for batman-adv.
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's batman-adv module related to OGM (Originator Message) aggregation. When the OGM aggregation state is changed at runtime, a forwarded packet may have been allocated with only enough space for its current length. However, a later packet might still be selected for aggregation, which requires appending data. If the allocated buffer (skb tailroom) is insufficient to accommodate the appended data, this can cause an overflow condition in skb_put.
The fix involves rejecting aggregation when the target skb tailroom cannot hold the new packet, forcing the system to create a new forward packet instead of appending to the existing one.
How can this vulnerability impact me? :
This vulnerability can lead to a buffer overflow condition in the Linux kernel's networking code, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or cause denial of service by exploiting the overflow.