Use-After-Free Vulnerability in Linux Kernel Affects Batman-adv Component
CVE-2026-46212
What is CVE-2026-46212?
A use-after-free vulnerability has been identified in the batman-adv component of the Linux kernel. When batadv_bla_del_backbone_claims() removes all claims from a backbone, it drops a link entry from a hash list. The handling of this step was flawed: the reference held for the link entry must stay in place until the last access to the claim object, and only then be released with batadv_claim_put(). If batadv_claim_put() is invoked prematurely, the claim may be deallocated by batadv_claim_release() before the link entry is safely removed, leading to potential exploitation.
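The ordering problem described above, as an added userspace model in C; it is not batman-adv source code and not the upstream fix. The names `struct claim`, `claim_put`, `unlink_head` and `del_claims` are hypothetical, and the model sets a `released` flag where the kernel would free the object, so the late access can be counted safely.

```c
#include <stdio.h>

/* Userspace model with hypothetical names; not batman-adv source. */
struct claim {
    int refcount;        /* the hash-list link owns one reference */
    int released;        /* set where the kernel would free the claim */
    struct claim *next;  /* stands in for the hash-list link entry */
};

/* Drop one reference; the last put "releases" (frees) the claim. */
static void claim_put(struct claim *c)
{
    if (--c->refcount == 0)
        c->released = 1;
}

/* Unlink the bucket head; returns 1 if it touched a released claim. */
static int unlink_head(struct claim **bucket)
{
    struct claim *c = *bucket;
    int late = c->released;  /* in the kernel: access to freed memory */
    *bucket = c->next;
    return late;
}

/* Remove every claim from a constructed 3-entry bucket. put_first != 0 models
 * the flawed order, 0 the corrected one. Returns accesses made after release. */
int del_claims(int put_first)
{
    struct claim c[3] = { {1, 0, &c[1]}, {1, 0, &c[2]}, {1, 0, NULL} };
    struct claim *bucket = &c[0];
    int late = 0;
    while (bucket) {
        struct claim *cur = bucket;
        if (put_first)
            claim_put(cur);          /* reference dropped too early */
        late += unlink_head(&bucket);
        if (!put_first)
            claim_put(cur);          /* put is the last access */
    }
    return late;
}

int main(void)
{
    printf("put first: %d, put last: %d\n", del_claims(1), del_claims(0));
    return 0;
}
```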
Affected Version(s)
Linux 23721387c409087fd3b97e274f34d3ddc0970b74 < 368449e467d5f1e2c2e987bf2bd57000ba75e10b
Linux 23721387c409087fd3b97e274f34d3ddc0970b74 < 6c5dc6d68e6ba7f0224a757a39ed52fcdb54d472
Linux 23721387c409087fd3b97e274f34d3ddc0970b74 < 00155f336a5e8b1006d2ca9ae7ad8fc4a44bb401