Vulnerability in Linux Kernel Affecting batman-adv Component
CVE-2026-46233
What is CVE-2026-46233?
A vulnerability in the Linux kernel's batman-adv implementation can lead to a NULL pointer dereference during the claims purging process. The function batadv_bla_purge_claims() did not correctly handle claims that are in the process of being released and freed, because it traverses the hash list while holding only rcu_read_lock(). A claim that no longer has a valid reference counter may already have its backbone_gw set to NULL, which makes the call to batadv_bla_claim_get_backbone_gw() unsafe. To mitigate this issue, only claims with valid reference counters should be purged, preventing potential crashes or system instability.
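The check described above, as an added user-space model in C11 (not the kernel patch or batman-adv code): a purge pass takes a reference only if the counter is still above zero and skips claims whose release has already started. The struct layout and the names claim_get_unless_zero, claim_put, purge_claims and demo are assumptions made for illustration; the kernel's kref_get_unless_zero() provides comparable semantics.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* User-space model with hypothetical names; not the kernel's structures. */
struct backbone_gw { int id; };
struct claim {
    atomic_int refcount;             /* 0: release has started */
    struct backbone_gw *backbone_gw; /* set to NULL by the release path */
};

/* Take a reference only while the count is still above zero. */
static bool claim_get_unless_zero(struct claim *c)
{
    int old = atomic_load(&c->refcount);
    while (old > 0)
        if (atomic_compare_exchange_weak(&c->refcount, &old, old + 1))
            return true;
    return false;
}

/* Drop a reference; the final put clears backbone_gw like the release path. */
static void claim_put(struct claim *c)
{
    if (atomic_fetch_sub(&c->refcount, 1) == 1)
        c->backbone_gw = NULL;
}

/* Purge pass: returns how many claims it could safely inspect. */
static int purge_claims(struct claim *claims, size_t n)
{
    int inspected = 0;
    for (size_t i = 0; i < n; i++) {
        if (!claim_get_unless_zero(&claims[i]))
            continue; /* already being released: skip, do not dereference */
        if (claims[i].backbone_gw->id >= 0) /* safe: we hold a reference */
            inspected++;
        claim_put(&claims[i]);
    }
    return inspected;
}

/* Constructed sample: one live claim and one whose release already ran. */
static int demo(void)
{
    struct backbone_gw gw = { .id = 7 };
    struct claim claims[2] = { { 1, &gw }, { 0, NULL } };
    return purge_claims(claims, 2);
}
int main(void) { printf("inspected %d of 2\n", demo()); return 0; }
```

Removing the claim_get_unless_zero() check makes the loop dereference the NULL backbone_gw of the second claim, which is the crash the advisory describes.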
Affected Version(s)
Linux 23721387c409087fd3b97e274f34d3ddc0970b74 < 7b8fbcee3184d848b5aee085ca16d0cf05c9b641
Linux 23721387c409087fd3b97e274f34d3ddc0970b74 < 7b7ebb7222a5524ce58e48cc9c6d688320ea6cfe
Linux 23721387c409087fd3b97e274f34d3ddc0970b74