CVE-2026-46231 - Vulnerability Details

- batman-adv: bla: put backbone reference on failed claim hash insert

Description

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: bla: put backbone reference on failed claim hash insert

When batadv_bla_add_claim() fails to insert a new claim into the hash, it
leaked a reference to the backbone_gw for which the claim was intended.
Call batadv_backbone_gw_put() on the error path to release the reference
and avoid leaking the backbone_gw object.

Published: 2026-05-28

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

In the Linux kernel, the batman‑adv network layer can leak a reference to a backbone gateway object when batadv_bla_add_claim() fails to insert a new claim into its hash table. The leaked reference prevents the reference‑counting mechanism from releasing the backbone_gw object, which could lead to resource exhaustion or prolonged retention of kernel structures, potentially affecting system stability.

Affected Systems

The vulnerability resides in the batman‑adv component of the Linux kernel. It applies to all kernel versions that include this code path and have not applied the fix. No specific version range is given, so any unpatched kernel with batman‑adv is affected.

Risk and Exploitability

The flaw is a reference leak rather than a direct code‑execution vulnerability. Based on the description, it is inferred that local privileged code that forces batadv_bla_add_claim() to fail and trigger the error path would be needed to exploit the vulnerability. The CVSS score of 5.5 indicates moderate severity, and the EPSS score of < 1% indicates a very low likelihood of public exploitation. The vulnerability is not listed in the CISA KEV catalog. Nevertheless, an attacker with the necessary access could induce denial‑of‑service by exhausting kernel memory or keeping the backbone_gw object live longer than intended.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`3db0decf1185357d6ab2256d0dede1ca9efda03d`	affected	< 6c8b68a7ed667a63aa603ba4d3a7088be143007e
`3db0decf1185357d6ab2256d0dede1ca9efda03d`	affected	< 769f413d374ff2b6ff6d8d8c37b4c1178e6cdf14
`3db0decf1185357d6ab2256d0dede1ca9efda03d`	affected	< 2888c9a154123db0254ae4fb9bea570c7e1f2e06
`3db0decf1185357d6ab2256d0dede1ca9efda03d`	affected	< 65419eb4259a26a3cd3f56fa0e3b3c113bf8c256
`3db0decf1185357d6ab2256d0dede1ca9efda03d`	affected	< fd0ca034c1e71ca7613cde9dd892836b2c2831bd
`3db0decf1185357d6ab2256d0dede1ca9efda03d`	affected	< 0baf4b659cdc7305cf685b5a5d60f9e3816ab5d0
`3db0decf1185357d6ab2256d0dede1ca9efda03d`	affected	< 7cccf4eb4f96d3c3af91a00b7a9caa652439542e
`3db0decf1185357d6ab2256d0dede1ca9efda03d`	affected	< ba9d20ee9076dac32c371116bacbe72480eb356c
`3fdd337ac0b277a1f40aa73b35283520f426e517`	affected	—
`485eedfabc2aefac8f09f98a82ba1c1e3e202a6d`	affected	—
`3.16.39`	affected	< 3.17
`4.4.217`	affected	< 4.5

Linux

affected

Version	Status	Constraints
`4.7`	affected	—
`0`	unaffected	< 4.7
`5.10.258`	unaffected	≤ 5.10.*
`5.15.209`	unaffected	≤ 5.15.*
`6.1.175`	unaffected	≤ 6.1.*
`6.6.140`	unaffected	≤ 6.6.*
`6.12.90`	unaffected	≤ 6.12.*
`6.18.32`	unaffected	≤ 6.18.*
`7.0.9`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:4.7:-::::::
	cpe:2.3:o:linux:linux_kernel:7.1:rc1::::::
	cpe:2.3:o:linux:linux_kernel:7.1:rc2::::::
	cpe:2.3:o:linux:linux_kernel:7.1:rc3::::::

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[3db0decf1185357d6ab2256d0dede1ca9efda03d,65419eb4259a26a3cd3f56fa0e3b3c113bf8c256)`	affected	code_commit	—
`[3db0decf1185357d6ab2256d0dede1ca9efda03d,fd0ca034c1e71ca7613cde9dd892836b2c2831bd)`	affected	code_commit	—
`[3db0decf1185357d6ab2256d0dede1ca9efda03d,0baf4b659cdc7305cf685b5a5d60f9e3816ab5d0)`	affected	code_commit	—
`[3db0decf1185357d6ab2256d0dede1ca9efda03d,7cccf4eb4f96d3c3af91a00b7a9caa652439542e)`	affected	code_commit	—
`[3db0decf1185357d6ab2256d0dede1ca9efda03d,ba9d20ee9076dac32c371116bacbe72480eb356c)`	affected	code_commit	—
`3fdd337ac0b277a1f40aa73b35283520f426e517`	affected	code_commit	—
`485eedfabc2aefac8f09f98a82ba1c1e3e202a6d`	affected	code_commit	—
`[3.16.39,3.17)`	affected	generic	—
`[4.4.217,4.5)`	affected	generic	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`4.7`	affected	generic	—
`[0,4.7)`	unaffected	generic	—
`[6.6.140,6.6.*]`	unaffected	generic	—
`[6.12.90,6.12.*]`	unaffected	generic	—
`[6.18.32,6.18.*]`	unaffected	generic	—
`[7.0.9,7.0.*]`	unaffected	generic	—
`[7.1-rc4,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Linux kernel to a version that includes the batman‑adv patch fixing the reference leak.
If an upgrade is not possible, disable the batman‑adv interface or restrict its use to prevent claim insertion.
Continuously monitor system logs for repeated claim‑insertion failures and anomalous memory usage to detect potential exploitation.

Generated by OpenCVE AI on June 10, 2026 at 22:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00119.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/0baf4b659cdc7305cf685b5a5d60f9e3816ab5d0
https://git.kernel.org/stable/c/2888c9a154123db0254ae4fb9bea570c7e1f2e06
https://git.kernel.org/stable/c/65419eb4259a26a3cd3f56fa0e3b3c113bf8c256
https://git.kernel.org/stable/c/6c8b68a7ed667a63aa603ba4d3a7088be143007e
https://git.kernel.org/stable/c/769f413d374ff2b6ff6d8d8c37b4c1178e6cdf14
https://git.kernel.org/stable/c/7cccf4eb4f96d3c3af91a00b7a9caa652439542e
https://git.kernel.org/stable/c/ba9d20ee9076dac32c371116bacbe72480eb356c
https://git.kernel.org/stable/c/fd0ca034c1e71ca7613cde9dd892836b2c2831bd
https://lore.kernel.org/linux-cve-announce/2026052839-CVE-2026-46231-7543@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-46231
https://www.cve.org/CVERecord?id=CVE-2026-46231

History

Wed, 10 Jun 2026 21:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:linux:linux_kernel:4.7:-:::::: cpe:2.3:o:linux:linux_kernel:7.1:rc1:::::: cpe:2.3:o:linux:linux_kernel:7.1:rc2:::::: cpe:2.3:o:linux:linux_kernel:7.1:rc3::::::
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}`

Mon, 01 Jun 2026 17:00:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/2888c9a154123db0254ae4fb9bea570c7e1f2e06 https://git.kernel.org/stable/c/6c8b68a7ed667a63aa603ba4d3a7088be143007e https://git.kernel.org/stable/c/769f413d374ff2b6ff6d8d8c37b4c1178e6cdf14

Fri, 29 May 2026 04:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-391

Fri, 29 May 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-911
References		https://lore.kernel.org/linux-cve-announce/2026052839-CVE-2026-46231-7543@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-46231 https://www.cve.org/CVERecord?id=CVE-2026-46231

Thu, 28 May 2026 14:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-391

Thu, 28 May 2026 10:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: put backbone reference on failed claim hash insert When batadv_bla_add_claim() fails to insert a new claim into the hash, it leaked a reference to the backbone_gw for which the claim was intended. Call batadv_backbone_gw_put() on the error path to release the reference and avoid leaking the backbone_gw object.
Title		batman-adv: bla: put backbone reference on failed claim hash insert
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/0baf4b659cdc7305cf685b5a5d60f9e3816ab5d0 https://git.kernel.org/stable/c/65419eb4259a26a3cd3f56fa0e3b3c113bf8c256 https://git.kernel.org/stable/c/7cccf4eb4f96d3c3af91a00b7a9caa652439542e https://git.kernel.org/stable/c/ba9d20ee9076dac32c371116bacbe72480eb356c https://git.kernel.org/stable/c/fd0ca034c1e71ca7613cde9dd892836b2c2831bd

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-28T09:40:53.471Z

Updated: 2026-06-14T18:04:27.129Z

Reserved: 2026-05-13T15:03:33.106Z

Link: CVE-2026-46231

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-28T10:16:38.743

Modified: 2026-06-10T21:12:01.667

Link: CVE-2026-46231

Redhat

Severity :

Publid Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46231 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-10T22:45:27Z

Weaknesses

CWE-911
Improper Update of Reference Count
NVD-CWE-noinfo

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object