CVE-2026-46238
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
28/05/2026
Last modified:
30/05/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
batman-adv: stop caching unowned originator pointers in BAT IV<br />
<br />
BAT IV keeps the last-hop neighbor address in each neigh_node, but some<br />
paths also cache an originator pointer derived from a temporary lookup.<br />
That pointer is not owned by the neigh_node and may no longer refer to a<br />
live originator entry after purge handling runs.<br />
<br />
Stop storing the auxiliary originator pointer in the BAT IV neighbor<br />
state. When BAT IV needs the neighbor originator data, resolve it from<br />
the stored neighbor address and drop the reference again after use.<br />
<br />
[sven: avoid bonding logic for outgoing OGM]
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/09dc0d1a12222ffca6481916eab3cfea477b9620
- https://git.kernel.org/stable/c/67bceeb22207f1f5a402973a3a0809e5f2698f38
- https://git.kernel.org/stable/c/6e20700f8c524ac379ba8274ff5d453023b7c006
- https://git.kernel.org/stable/c/aafcbaf1159ea224528ca4075d0ba8c10ef374af
- https://git.kernel.org/stable/c/f03e8583532941b07761c5429de7d50766fa3110