Packet Handling Issue in Linux Kernel's batman-adv Component
CVE-2026-31683

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 25 April 2026

What is CVE-2026-31683?

The Linux kernel contains a vulnerability within the batman-adv component that can lead to packet handling issues during OGM aggregation. When the runtime state of OGM aggregation is toggled, existing forwarded packets may only have a limited amount of allocated space (determined by packet_len). This limitation can create conditions where a later packet is chosen for aggregation but cannot be safely appended due to insufficient skb tailroom. As a result, this may cause overflow scenarios with skb_put. The implemented fix rejects aggregation attempts when the target skb does not have adequate tailroom, necessitating the creation of new forward packets instead.

Affected Version(s)

Linux c6c8fea29769d998d94fcec9b9f14d4b52b349d3 < 67176c96f325837b0bb3e9538ca2eba414f447d8

Linux c6c8fea29769d998d94fcec9b9f14d4b52b349d3 < 0b10a8b355c3f71012ce89289ec2c2f5e3bfd6c1

Linux c6c8fea29769d998d94fcec9b9f14d4b52b349d3 < 6755347c5f9bdd44dee80f692208b056fcd40a52

References

https://git.kernel.org/stable/c/67176c96f325837b0bb3e9538...

https://git.kernel.org/stable/c/0b10a8b355c3f71012ce89289...

https://git.kernel.org/stable/c/6755347c5f9bdd44dee80f692...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31683 Data

JSON