CVE-2026-46233

MEDIUM EPSS 2.1%
Published May 28, 20261mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published May 28, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: only purge non-released claims When batadv_bla_purge_claims() goes through the list of claims, it is only traversing the hash list with an rcu_read_lock(). Due to a potential parallel batadv_claim_put(), it can happen that it encounters a claim which was actually in the process of being released+freed by batadv_claim_release(). In this case, backbone_gw is set to NULL before the delayed RCU kfree is started. Calling batadv_bla_claim_get_backbone_gw() is then no longer allowed because it would cause a NULL-ptr derefence. To avoid this, only claims with a valid reference counter must be purged. All others are already taken care of.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-476 NULL Pointer Dereference Memory Safety

Affected Products 10

VendorProductVersionRange
linuxlinux_kernel*≥3.5  –  <5.10.258
linuxlinux_kernel*≥5.11  –  <5.15.209
linuxlinux_kernel*≥5.16  –  <6.1.175
linuxlinux_kernel*≥6.2  –  <6.6.140
linuxlinux_kernel*≥6.7  –  <6.12.90
linuxlinux_kernel*≥6.13  –  <6.18.32
linuxlinux_kernel*≥6.19  –  <7.0.9
linuxlinux_kernel7.1any
linuxlinux_kernel7.1any
linuxlinux_kernel7.1any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/6725c523a35eeca611ff37e7d4a8712fae92aefd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7b7ebb7222a5524ce58e48cc9c6d688320ea6cfe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7b8fbcee3184d848b5aee085ca16d0cf05c9b641
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a9f58d5e3261f3deeae69ec1e237f38ef3ff5cbe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ab3dbd07a809a8eb30c7ddfab9ac886ed30dce8d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/afb5436f6028fd68f408f189230fbaa19c910d72
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b65365d2b1e6095c538d49baeb140dd1c166c1b3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cf6b604011591865ae39ac82de8978c1120d17af
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/6725c523a35eeca611ff37e7d4a8712fae92aefd
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7b7ebb7222a5524ce58e48cc9c6d688320ea6cfe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7b8fbcee3184d848b5aee085ca16d0cf05c9b641
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a9f58d5e3261f3deeae69ec1e237f38ef3ff5cbe
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ab3dbd07a809a8eb30c7ddfab9ac886ed30dce8d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/afb5436f6028fd68f408f189230fbaa19c910d72
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b65365d2b1e6095c538d49baeb140dd1c166c1b3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cf6b604011591865ae39ac82de8978c1120d17af
    Patch