CVE-2026-46233
Memory Leak in Linux Kernel batman-adv BLA Component
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's batman-adv component, specifically in the handling of claims within the bla (batadv_bla) module.
The function batadv_bla_purge_claims() traverses a list of claims using an rcu_read_lock(). However, due to concurrent operations by batadv_claim_put(), it may encounter a claim that is in the process of being released and freed by batadv_claim_release().
In such cases, the backbone_gw pointer is set to NULL before the delayed RCU kfree is executed. If batadv_bla_claim_get_backbone_gw() is called on such a claim, it results in a NULL pointer dereference, causing a potential crash or undefined behavior.
The fix ensures that only claims with a valid reference counter are purged, preventing access to claims that are already being freed.
How can this vulnerability impact me? :
This vulnerability can lead to a NULL pointer dereference in the Linux kernel's batman-adv module.
Such a NULL pointer dereference can cause the kernel to crash or behave unpredictably, potentially leading to denial of service (DoS) conditions on affected systems.
Systems relying on the batman-adv module for mesh networking or related functionality may experience instability or outages due to this issue.