CVE-2026-46208
Analyzed Analyzed - Analysis Complete
TP Meter Session Leak in batman-adv Kernel Module

Publication date: 2026-05-28

Last updated on: 2026-06-10

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tp_meter sessions during mesh teardown TP meter sessions remain linked on bat_priv->tp_list after the netlink request has already finished. When the mesh interface is removed, batadv_mesh_free() currently tears down the mesh without first draining these sessions. A running sender thread or a late incoming tp_meter packet can then keep processing against a mesh instance which is already shutting down. Synchronize tp_meter with the mesh lifetime by stopping all active sessions from batadv_mesh_free() and waiting for sender threads to exit before teardown continues.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-28
Last Modified
2026-06-10
Generated
2026-06-17
AI Q&A
2026-05-28
EPSS Evaluated
2026-06-16
NVD
CVE-2026-46208
EUVD
EUVD-2026-32835
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 6.13 (inc) to 6.18.32 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.90 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.9 (exc)
linux linux_kernel From 4.8 (inc) to 6.6.140 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The vulnerability is resolved by ensuring that all active tp_meter sessions are stopped and sender threads are waited on before the mesh teardown continues.

Immediate mitigation steps include updating the Linux kernel to a version where batman-adv properly stops tp_meter sessions during mesh teardown, preventing processing against a mesh instance that is shutting down.

Executive Summary

This vulnerability exists in the Linux kernel's batman-adv component, specifically related to the handling of tp_meter sessions during mesh network teardown.

The issue occurs because tp_meter sessions remain linked after the netlink request has finished, and when the mesh interface is removed, the mesh teardown function does not properly stop these sessions first.

As a result, a running sender thread or a late incoming tp_meter packet can continue processing against a mesh instance that is already shutting down, which can lead to inconsistent or unexpected behavior.

The fix involves synchronizing the tp_meter sessions with the mesh lifetime by stopping all active sessions and waiting for sender threads to exit before continuing with the teardown.

Impact Analysis

This vulnerability can cause processing to continue on a mesh network instance that is already shutting down, potentially leading to unstable or unpredictable behavior in the network.

Such behavior might result in resource leaks, crashes, or data inconsistencies within the mesh networking component of the Linux kernel.

However, specific impacts such as data loss, security breaches, or denial of service are not explicitly detailed in the provided information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46208. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart