Integer Overflow Vulnerability in the Linux Kernel Affecting Batman-adv Module
CVE-2026-46198
Currently unrated
What is CVE-2026-46198?
An integer overflow vulnerability has been found in the batman-adv module of the Linux kernel. The issue is in the 'batadv_iv_ogm_send_to_if' function, where the size check uses the int type while the 'buff_pos' variable is an s16. This type mismatch could allow an attacker to perform out-of-bounds read operations, potentially leading to unauthorized information disclosure or other related security concerns.
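The type mismatch described above, reduced to a user-space model: an added example, not kernel code and not the upstream fix. The header size, record layout and the names payload_len, fill_records and walk are hypothetical; the model returns the offset a wrapped 16-bit cursor would read from instead of performing the read.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define HDR_LEN 24 /* constructed header size, not the real OGM header */

/* Constructed layout: payload length in the first two header bytes. */
static int payload_len(const uint8_t *rec) { return rec[0] | (rec[1] << 8); }

/* Fill buf with back-to-back records; returns the number of bytes used. */
static int fill_records(uint8_t *buf, int cap, int payload)
{
    int pos = 0;
    while (pos + HDR_LEN + payload <= cap) {
        memset(buf + pos, 0, HDR_LEN + payload);
        buf[pos] = payload & 0xff;
        buf[pos + 1] = (payload >> 8) & 0xff;
        pos += HDR_LEN + payload;
    }
    return pos;
}

/*
 * int bounds check throughout. narrow != 0 stores the cursor as int16_t (flawed);
 * narrow == 0 keeps it in int (hardened). Returns 0 if the walk stayed in bounds,
 * else the negative offset the next header read would use (never dereferenced).
 */
static int walk(const uint8_t *buf, int total_len, int narrow)
{
    int cur = 0;
    for (;;) {
        if (cur + HDR_LEN > total_len) /* int check: also passes for cur < 0 */
            return 0;
        if (cur < 0) /* cursor wrapped: reading the header here would be OOB */
            return cur;
        int step = HDR_LEN + payload_len(buf + cur);
        if (cur + step > total_len)
            return 0;
        /* storing into int16_t wraps past 32767 (modulo 2^16 on gcc/clang) */
        cur = narrow ? (int16_t)(cur + step) : cur + step;
    }
}

int main(void)
{
    static uint8_t buf[40000]; /* constructed input: 39 records of 1024 bytes */
    int used = fill_records(buf, (int)sizeof buf, 1000);
    printf("s16 cursor: %d, int cursor: %d\n", walk(buf, used, 1), walk(buf, used, 0));
    return 0;
}
```

In this model the int check passes for the wrapped cursor because a negative position plus the header length is always below the total length, which is why the cursor and the check need the same width.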
Affected Version(s)
Linux c6c8fea29769d998d94fcec9b9f14d4b52b349d3
Linux c6c8fea29769d998d94fcec9b9f14d4b52b349d3 < 974542d1efc48b7e9fe16184e647615cba39969b