Impact
batman‑adv, a network mesh driver in the Linux kernel, mistakenly cached an unowned originator pointer within the BAT IV neighbor state. When the neighbor table was purged, this pointer could refer to memory that had already been freed or repurposed. An attacker who can influence batman‑adv traffic in a way that causes the stale pointer to be dereferenced can trigger kernel memory corruption. Because the corruption occurs in privileged kernel space, exploitation could lead to arbitrary code execution with full system privileges. The flaw is a classic use‑after‑free vulnerability (CWE‑416).
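The bug class described above, as an added user-space model (not batman‑adv code and not the kernel patch): one neighbor design caches an unowned originator pointer, the other keeps only the originator's address and resolves it on each use. All struct, function and field names, the static pool and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* User-space model only; every name here is hypothetical, not batman-adv code. */
#define POOL_SIZE 4
struct orig { int in_use; unsigned char addr[6]; int tq; };
static struct orig pool[POOL_SIZE]; /* static pool: slot reuse is visible without UB */

static struct orig *orig_alloc(const unsigned char *addr, int tq) {
    for (int i = 0; i < POOL_SIZE; i++)
        if (!pool[i].in_use) {
            pool[i].in_use = 1;
            pool[i].tq = tq;
            memcpy(pool[i].addr, addr, 6);
            return &pool[i];
        }
    return NULL;
}
/* Purge releases the slot; a pointer still cached elsewhere is now stale. */
static void orig_purge(struct orig *o) { memset(o, 0, sizeof(*o)); }

static struct orig *orig_lookup(const unsigned char *addr) {
    for (int i = 0; i < POOL_SIZE; i++)
        if (pool[i].in_use && memcmp(pool[i].addr, addr, 6) == 0)
            return &pool[i];
    return NULL;
}
struct neigh_cached { struct orig *orig; };          /* unowned pointer */
struct neigh_keyed  { unsigned char orig_addr[6]; }; /* key, resolved on use */

/* Value each neighbor design reads after purge and slot reuse (-1 = gone). */
static int read_after_purge(int keyed) {
    const unsigned char a[6] = {2, 0, 0, 0, 0, 1}, b[6] = {2, 0, 0, 0, 0, 2};
    memset(pool, 0, sizeof(pool));
    struct orig *oa = orig_alloc(a, 200);   /* constructed sample values */
    struct neigh_cached nc = { oa };
    struct neigh_keyed nk = { {2, 0, 0, 0, 0, 1} };
    orig_purge(oa);                         /* originator A goes away */
    orig_alloc(b, 50);                      /* its slot is repurposed for B */
    if (!keyed)
        return nc.orig->tq;                 /* stale: silently reads B's data */
    struct orig *o = orig_lookup(nk.orig_addr);
    return o ? o->tq : -1;                  /* A is gone, and the caller learns it */
}

int main(void) {
    printf("cached=%d keyed=%d\n", read_after_purge(0), read_after_purge(1));
    return 0;
}
```

The model uses a static pool so the stale read stays well-defined; in the kernel the purged object's memory is returned to the allocator, so the same access touches freed or repurposed memory.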
Affected Systems
All Linux kernel versions that include the unpatched batman‑adv implementation are affected, that is, every version that predates the patch removing the auxiliary originator pointer from the neighbor state. The vulnerability is specific to the batman‑adv kernel module and does not affect user‑space applications. No exact kernel release numbers are listed, so all kernels from the first introduction of batman‑adv up to the latest stable release before the hotfix are potentially impacted.
Risk and Exploitability
Public records do not report an EPSS score or a CVSS rating, and the flaw is not listed in the CISA KEV catalog. The theoretical severity is high because the bug permits kernel memory corruption that can be leveraged for privilege escalation to root. The likely attack vector involves crafting network packets that are processed by the batman‑adv module, which is typically bound to local or untrusted network interfaces; thus the vulnerability requires local or network-level access to trigger. No publicly available exploits have been found, so the risk remains primarily theoretical until proof‑of‑concept code appears.
OpenCVE Enrichment