Description
In the Linux kernel, the following vulnerability has been resolved:

batman-adv: stop tp_meter sessions during mesh teardown

TP meter sessions remain linked on bat_priv->tp_list after the netlink
request has already finished. When the mesh interface is removed,
batadv_mesh_free() currently tears down the mesh without first draining
these sessions.

A running sender thread or a late incoming tp_meter packet can then keep
processing against a mesh instance which is already shutting down.
Synchronize tp_meter with the mesh lifetime by stopping all active
sessions from batadv_mesh_free() and waiting for sender threads to exit
before teardown continues.
Published: 2026-05-28
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The batman-adv module in the Linux kernel does not terminate tp_meter sessions when a mesh interface is removed. As a result, sender threads or late tp_meter packets can continue to operate against a mesh instance that is already shutting down, potentially leading to uncontrolled resource consumption (CWE-366).

Affected Systems

All Linux kernels that include the batman-adv module and lack the recent commit that stops tp_meter sessions during mesh teardown are affected. Systems running distribution kernels that have not yet integrated this patch and that use batman‑adv for mesh networking are at risk.

Risk and Exploitability

Based on the description, it is inferred that an attacker would need to trigger a mesh interface removal while tp_meter sessions are active, which typically indicates local or privileged network access to the affected node. The CVSS score of 7.8 reflects a high severity, while the EPSS score remains <1% and the vulnerability is not listed in CISA’s KEV catalog. Exploitation would require the attacker to force batadv_mesh_free() to run prematurely, potentially causing ongoing tp_meter processing against a shutting‑down instance. The practical likelihood of exploitation is considered low to moderate, as the attacker must have control over the mesh teardown operation. The resulting impact could be resource exhaustion or incomplete cleanup of sender threads, leading to denial of service on the node.

Generated by OpenCVE AI on June 10, 2026 at 20:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that includes the batadv patch which stops tp_meter sessions during mesh teardown.
  • If a kernel update cannot be applied immediately, ensure all active tp_meter sessions are stopped and allow sender threads to finish before removing the mesh interface.
  • If batman‑adv mesh networking is not required, disable the module or remove the mesh configuration to reduce exposure.

Generated by OpenCVE AI on June 10, 2026 at 20:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*

Sat, 30 May 2026 11:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Fri, 29 May 2026 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Fri, 29 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-366
References

Thu, 28 May 2026 13:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tp_meter sessions during mesh teardown TP meter sessions remain linked on bat_priv->tp_list after the netlink request has already finished. When the mesh interface is removed, batadv_mesh_free() currently tears down the mesh without first draining these sessions. A running sender thread or a late incoming tp_meter packet can then keep processing against a mesh instance which is already shutting down. Synchronize tp_meter with the mesh lifetime by stopping all active sessions from batadv_mesh_free() and waiting for sender threads to exit before teardown continues.
Title batman-adv: stop tp_meter sessions during mesh teardown
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T18:02:50.131Z

Reserved: 2026-05-13T15:03:33.105Z

Link: CVE-2026-46208

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-28T10:16:36.457

Modified: 2026-06-10T19:17:59.660

Link: CVE-2026-46208

cve-icon Redhat

Severity :

Publid Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46208 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-10T21:00:07Z

Weaknesses