CVE-2026-46238
HIGH EPSS 17.5%
Published May 28, 20261mo ago · Modified Jun 17, 20261w ago
8.8 CVSS 3.1
Published May 28, 2026 1mo ago
Last Modified Jun 17, 2026 1w ago
Description
In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop caching unowned originator pointers in BAT IV BAT IV keeps the last-hop neighbor address in each neigh_node, but some paths also cache an originator pointer derived from a temporary lookup. That pointer is not owned by the neigh_node and may no longer refer to a live originator entry after purge handling runs. Stop storing the auxiliary originator pointer in the BAT IV neighbor state. When BAT IV needs the neighbor originator data, resolve it from the stored neighbor address and drop the reference again after use. [sven: avoid bonding logic for outgoing OGM]
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector Adjacent
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
17.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 10
| Vendor | Product | Version | Range |
|---|---|---|---|
| linux | linux_kernel | * | ≥2.6.38 – <5.10.258 |
| linux | linux_kernel | * | ≥5.11 – <5.15.209 |
| linux | linux_kernel | * | ≥5.16 – <6.1.175 |
| linux | linux_kernel | * | ≥6.2 – <6.6.140 |
| linux | linux_kernel | * | ≥6.7 – <6.12.90 |
| linux | linux_kernel | * | ≥6.13 – <6.18.32 |
| linux | linux_kernel | * | ≥6.19 – <7.0.9 |
| linux | linux_kernel | 7.1 | any |
| linux | linux_kernel | 7.1 | any |
| linux | linux_kernel | 7.1 | any |
References 8
- git.kernel.org https://git.kernel.org/stable/c/09dc0d1a12222ffca6481916eab3cfea477b9620
- git.kernel.org https://git.kernel.org/stable/c/384e3050a42be9085d50507b4d5f8266a588d742
- git.kernel.org https://git.kernel.org/stable/c/67bceeb22207f1f5a402973a3a0809e5f2698f38
- git.kernel.org https://git.kernel.org/stable/c/6e20700f8c524ac379ba8274ff5d453023b7c006
- git.kernel.org https://git.kernel.org/stable/c/86b2b58d7c228d850c8c78e4144e6123e8ed2718
- git.kernel.org https://git.kernel.org/stable/c/8c16c68fdbb69778f8d04f650340c3f4d1518f8e
- git.kernel.org https://git.kernel.org/stable/c/aafcbaf1159ea224528ca4075d0ba8c10ef374af
- git.kernel.org https://git.kernel.org/stable/c/f03e8583532941b07761c5429de7d50766fa3110
Remediation
- git.kernel.org https://git.kernel.org/stable/c/09dc0d1a12222ffca6481916eab3cfea477b9620
- git.kernel.org https://git.kernel.org/stable/c/384e3050a42be9085d50507b4d5f8266a588d742
- git.kernel.org https://git.kernel.org/stable/c/67bceeb22207f1f5a402973a3a0809e5f2698f38
- git.kernel.org https://git.kernel.org/stable/c/6e20700f8c524ac379ba8274ff5d453023b7c006
- git.kernel.org https://git.kernel.org/stable/c/86b2b58d7c228d850c8c78e4144e6123e8ed2718
- git.kernel.org https://git.kernel.org/stable/c/8c16c68fdbb69778f8d04f650340c3f4d1518f8e
- git.kernel.org https://git.kernel.org/stable/c/aafcbaf1159ea224528ca4075d0ba8c10ef374af
- git.kernel.org https://git.kernel.org/stable/c/f03e8583532941b07761c5429de7d50766fa3110