CVE-2026-46238
BaseFortify
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| batman-adv | batman-adv | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's batman-adv component, specifically in the BAT IV protocol. BAT IV keeps track of the last-hop neighbor address in each neigh_node, but it also caches an originator pointer derived from a temporary lookup. This originator pointer is not owned by the neigh_node and may become invalid after purge handling runs, potentially leading to the use of stale or invalid pointers.
The fix involves stopping the caching of these unowned originator pointers in the BAT IV neighbor state. Instead, when BAT IV needs neighbor originator data, it resolves it from the stored neighbor address and then drops the reference after use, preventing the use of invalid pointers.
How can this vulnerability impact me? :
This vulnerability can lead to the use of invalid or stale originator pointers within the BAT IV protocol in the Linux kernel. Such use of invalid pointers may cause unexpected behavior, including potential crashes or instability in the network routing functionality managed by batman-adv.
While the exact impact is not detailed, improper pointer handling in kernel code can lead to memory corruption or denial of service conditions, which could affect system reliability and network performance.