Impact
The vulnerability resides in the batman-adv module of the Linux kernel. A flaw in how accumulated fragment lengths are tracked allows an attacker to feed a malformed fragment chain that overflows the length counter. This permits the attacker to bypass the module’s validation logic and trigger reassembly with an inconsistent length state, resulting in a local denial of service. The weakness is an integer overflow that subverts integrity checks during packet reassembly.
Affected Systems
All Linux kernel installations that include the batman-adv networking module before the referenced fix. Exact kernel versions are not listed, but any kernel that shipped batman-adv in its buggy form is potentially affected.
Risk and Exploitability
The attack vector is local; a user or process with access to the batman-adv interface can send crafted data to trigger the overflow. The exploitation does not provide direct escalation or data exfiltration, but it can crash the module and disrupt network connectivity. The EPSS score is < 1% (indicating a low likelihood of exploitation), and the vulnerability is not listed in CISA KEV, indicating it is currently unreported in the known exploited vulnerabilities catalog. The CVSS score of 9.8 indicates a critical severity.
OpenCVE Enrichment
Debian DLA