Linux Kernel Vulnerability in Batman-adv Impacting Gateway References
CVE-2026-31657

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 24 April 2026

What is CVE-2026-31657?

A vulnerability in the batman-adv component of the Linux kernel can lead to improper management of backbone gateway references. The function batadv_bla_add_claim() may inadvertently replace a claim’s backbone gateway and drop the last reference to the previous gateway while active readers are still accessing this pointer. This situation can cause instability and unexpected behavior as the netlink claim dump path could dereference a non-existent pointer. The batadv_bla_check_claim() function continues to exhibit unsafe pointer access patterns. To mitigate this issue, it is critical that functionalities are revised to reuse batadv_bla_claim_get_backbone_gw() for all readers, ensuring a stable reference to the gateway until all related operations are complete.

Affected Version(s)

Linux 23721387c409087fd3b97e274f34d3ddc0970b74

Linux 23721387c409087fd3b97e274f34d3ddc0970b74 < 2f55b58b5a0bbed192d60c444a45a49cdf1b545f

Linux 23721387c409087fd3b97e274f34d3ddc0970b74 < 7962b522222628596ca9ecc8722efc95367aadbd

References

https://git.kernel.org/stable/c/f4858832ddef2f39f21e30b72...

https://git.kernel.org/stable/c/2f55b58b5a0bbed192d60c444...

https://git.kernel.org/stable/c/7962b522222628596ca9ecc87...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31657 Data

JSON