Description
In the Linux kernel, the following vulnerability has been resolved:

batman-adv: avoid OGM aggregation when skb tailroom is insufficient

When OGM aggregation state is toggled at runtime, an existing forwarded
packet may have been allocated with only packet_len bytes, while a later
packet can still be selected for aggregation. Appending in this case can
hit skb_put overflow conditions.

Reject aggregation when the target skb tailroom cannot accommodate the new
packet. The caller then falls back to creating a new forward packet
instead of appending.
Published: 2026-04-25
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow condition in the batman-adv module occurs when On-Mesh Gateway (OGM) aggregation is toggled at runtime and a forwarded packet has been allocated only with packet_len bytes. Subsequent packets may still be selected for aggregation, and when the kernel attempts to append them, the skb_put operation can overflow if the packet’s tailroom is insufficient. This incorrect memory handling is an instance of CWE‑131 and could potentially allow a local attacker to overwrite kernel memory, leading to privilege escalation or denial of service.

Affected Systems

All Linux kernel installations that include the batman-adv module and have not yet applied the patch for CVE‑2026‑31683 are affected. No specific kernel version range is listed, so any kernel variant that implements batman-adv without the fix is potentially vulnerable.

Risk and Exploitability

The vulnerability has a CVSS score of 7.8, indicating high severity. The EPSS score is less than 1 %, suggesting a low probability that the flaw is actively exploited. The vulnerability is not listed in CISA’s KEV catalog. Because the flaw is a local kernel buffer overflow, the likely attack vector requires access to the batman‑adv network interface, implying a local or privileged network attacker. No public exploitation or exploitability analysis is documented in the provided data.

Generated by OpenCVE AI on May 6, 2026 at 22:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the batman‑adv OGM aggregation fix
  • If an immediate kernel upgrade is not possible, disable the batman‑adv module or disable the OGM aggregation feature until the patch can be applied
  • Restrict traffic that can reach the batman‑adv interface to trusted hosts only, mitigating the risk of an attacker crafting malicious packets

Generated by OpenCVE AI on May 6, 2026 at 22:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4561-1 linux-6.1 security update
Debian DSA Debian DSA DSA-6238-1 linux security update
Debian DSA Debian DSA DSA-6243-1 linux security update
History

Wed, 06 May 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*

Mon, 27 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Mon, 27 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-131
References

Sat, 25 Apr 2026 09:00:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: batman-adv: avoid OGM aggregation when skb tailroom is insufficient When OGM aggregation state is toggled at runtime, an existing forwarded packet may have been allocated with only packet_len bytes, while a later packet can still be selected for aggregation. Appending in this case can hit skb_put overflow conditions. Reject aggregation when the target skb tailroom cannot accommodate the new packet. The caller then falls back to creating a new forward packet instead of appending.
Title batman-adv: avoid OGM aggregation when skb tailroom is insufficient
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:13:37.273Z

Reserved: 2026-03-09T15:48:24.130Z

Link: CVE-2026-31683

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-04-25T09:16:02.037

Modified: 2026-05-06T21:14:05.127

Link: CVE-2026-31683

cve-icon Redhat

Severity :

Publid Date: 2026-04-25T00:00:00Z

Links: CVE-2026-31683 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-06T22:45:13Z

Weaknesses