Linux kernel Vulnerability in batman-adv: Issue with Neighbor State Caching
CVE-2026-46238

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-46238?

A vulnerability exists in the batman-adv module of the Linux kernel, which improperly caches unowned originator pointers in the BAT IV neighbor state. The affected implementation could lead to scenarios where the neighbor node retains a reference to an originator pointer derived from a temporary lookup that may no longer point to a valid originator after purge handling operations. To remedy this, the implementation has been updated to prevent the storage of auxiliary originator pointers, requiring the module to resolve neighbor originator data from the stored neighbor address directly, thereby ensuring safer resource handling.

Affected Version(s)

Linux c6c8fea29769d998d94fcec9b9f14d4b52b349d3

Linux c6c8fea29769d998d94fcec9b9f14d4b52b349d3 < 6e20700f8c524ac379ba8274ff5d453023b7c006

Linux c6c8fea29769d998d94fcec9b9f14d4b52b349d3 < 09dc0d1a12222ffca6481916eab3cfea477b9620

References

https://git.kernel.org/stable/c/aafcbaf1159ea224528ca4075...

https://git.kernel.org/stable/c/6e20700f8c524ac379ba8274f...

https://git.kernel.org/stable/c/09dc0d1a12222ffca6481916e...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-46238 Data

JSON