Impact
The batman-adv component in the Linux kernel contains a logic oversight that permits the tp_meter subsystem to initiate new sender or receiver sessions even after the mesh network has transitioned out of the BATADV_MESH_ACTIVE state. This can result in inaccurate telemetry data or resource exhaustion, effectively causing a denial of service to measurement functionality. The flaw is classified as a resource management error (CWE-372) and is also marked NVD-CWE-noinfo, indicating that no additional specific coding deficiency has been identified beyond the resource exhaustion category. The advisory describes no exploit details and no impact beyond disruption of the telemetry service.
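The missing state check can be pictured with a small userspace model, added here as an illustration and not taken from the batman-adv source or its patch. Apart from the mesh state names, every identifier is hypothetical, and the teardown behaviour (sessions released once, when the mesh leaves the active state) is a modelling assumption.

```c
/* Simplified userspace model, not batman-adv code. Only the mesh state
 * names follow the kernel; all other names are hypothetical. */
#include <errno.h>
#include <stdio.h>

enum mesh_state { BATADV_MESH_INACTIVE, BATADV_MESH_ACTIVE, BATADV_MESH_DEACTIVATING };

struct mesh { enum mesh_state state; int tp_sessions; /* live tp_meter sessions */ };

/* Unguarded start: the mesh state is never consulted. */
static int tp_start_unguarded(struct mesh *m)
{
    m->tp_sessions++;
    return 0;
}

/* Guarded start: refuse new sessions unless the mesh is active. */
static int tp_start_guarded(struct mesh *m)
{
    if (m->state != BATADV_MESH_ACTIVE)
        return -ENETDOWN;
    return tp_start_unguarded(m);
}

/* Assumed teardown: leave the active state, then release sessions once. */
static void mesh_teardown(struct mesh *m)
{
    m->state = BATADV_MESH_DEACTIVATING;
    m->tp_sessions = 0;
}

/* One normal start, teardown, then a late start request.
 * Returns the number of sessions still alive after teardown. */
static int sessions_after_teardown(int (*start)(struct mesh *))
{
    struct mesh m = { BATADV_MESH_ACTIVE, 0 };
    start(&m);
    mesh_teardown(&m);
    start(&m);                  /* request arriving after teardown began */
    return m.tp_sessions;
}

int main(void)
{
    printf("unguarded: %d stray session(s)\n", sessions_after_teardown(tp_start_unguarded));
    printf("guarded:   %d stray session(s)\n", sessions_after_teardown(tp_start_guarded));
    return 0;
}
```

In the model, the unguarded path leaves one session that nothing will release, while the guarded path rejects the late request and leaves none.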
Affected Systems
The vulnerability appears in any kernel version that incorporates the batman-adv code before the commits referenced in the advisory were applied. Specific affected releases are not enumerated, but the issue applies to all systems running unpatched batman-adv modules. The change is only relevant for deployments that enable the tp_meter feature within a mesh network.
Risk and Exploitability
The advisory lists no publicly available exploitation code, and the flaw is not catalogued in CISA’s KEV. The EPSS score of < 1% indicates a very low probability of exploitation, while the CVSS score of 7.8 indicates high severity. The advisory does not state any required privileges; therefore, the extent to which a non-privileged user could trigger the flaw remains unclear. Overall, the risk is considered low for environments that do not expose batman-adv to external interfaces or rely on tp_meter telemetry.
OpenCVE Enrichment