Linux kernel Vulnerability in batman-adv: Issue with Neighbor State Caching
CVE-2026-46238

8.8 HIGH

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 28 May 2026

What is CVE-2026-46238?

A vulnerability exists in the batman-adv module of the Linux kernel: the BAT IV neighbor state caches originator pointers that it does not own. A neighbor node can retain an originator pointer obtained from a temporary lookup, and after purge handling that pointer may no longer refer to a valid originator. The fix stops storing auxiliary originator pointers in the neighbor state; the module now resolves neighbor originator data directly from the stored neighbor address, which makes resource handling safer.
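The ownership rule behind this fix, shown as an added example that is not part of the original advisory or the kernel source: a userspace C model in which the neighbor keeps only the originator address and takes a counted reference on each lookup, so a purge yields NULL where a cached, unowned pointer would have gone stale. All type and function names (`struct orig`, `struct neigh`, `orig_get`, `orig_purge`, `neigh_orig_alive`) are hypothetical.

```c
/* Userspace model; every name is hypothetical, none is a batman-adv symbol. */
#include <stdlib.h>
#include <string.h>
enum { ALEN = 6, SLOTS = 8 };
struct orig { unsigned char addr[ALEN]; int refs; };   /* originator entry */
/* Neighbor keeps the address only, never a borrowed struct orig pointer. */
struct neigh { unsigned char orig_addr[ALEN]; };
static struct orig *table[SLOTS];    /* the table owns one reference per entry */

static int slot_of(const unsigned char *addr) {
    for (int i = 0; i < SLOTS; i++)
        if (table[i] && !memcmp(table[i]->addr, addr, ALEN))
            return i;
    return -1;
}
static void orig_put(struct orig *o) {
    if (o && --o->refs == 0)
        free(o);
}
/* Returns an owned reference, or NULL once the entry has been purged. */
static struct orig *orig_get(const unsigned char *addr) {
    int i = slot_of(addr);
    if (i < 0) return NULL;
    table[i]->refs++;
    return table[i];
}
static int orig_add(const unsigned char *addr) {
    int i = 0;
    while (i < SLOTS && table[i]) i++;
    if (i == SLOTS || !(table[i] = calloc(1, sizeof(struct orig))))
        return -1;
    memcpy(table[i]->addr, addr, ALEN);
    table[i]->refs = 1;              /* the table's own reference */
    return 0;
}
/* Purge unlinks the entry and drops the table's reference. */
static void orig_purge(const unsigned char *addr) {
    int i = slot_of(addr);
    if (i < 0) return;
    orig_put(table[i]);
    table[i] = NULL;
}
/* Re-resolve on each use: a purged originator gives 0, never a stale pointer. */
static int neigh_orig_alive(const struct neigh *n) {
    struct orig *o = orig_get(n->orig_addr);
    int alive = (o != NULL);
    orig_put(o);
    return alive;
}
```

A caller that still holds a reference from `orig_get` across a purge keeps valid memory until its own `orig_put`, while any later lookup by address returns NULL.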

Affected Version(s)

Linux c6c8fea29769d998d94fcec9b9f14d4b52b349d3 < 86b2b58d7c228d850c8c78e4144e6123e8ed2718

Linux c6c8fea29769d998d94fcec9b9f14d4b52b349d3 < 384e3050a42be9085d50507b4d5f8266a588d742

Linux c6c8fea29769d998d94fcec9b9f14d4b52b349d3 < 8c16c68fdbb69778f8d04f650340c3f4d1518f8e

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
