Impact
A counter underflow occurs in the batman‑adv tap meter shutdown routine. The atomic counter is decremented unconditionally; if multiple shutdown paths are activated the counter can become negative. Because the sender logic interprets any non‑zero value as "still sending", a negative counter causes the sender kernel thread to loop indefinitely. When the underlying network interface is removed while the zombie thread remains active, a use‑after‑free occurs, potentially crashing the kernel and providing a denial‑of‑service vector. The weakness involves integer underflow (CWE‑191).
Affected Systems
The vulnerability affects Linux kernel installations that include the batman‑adv module with the tp_meter feature. All releases of the Linux kernel that have not integrated the fix contained in the referenced commits are potentially vulnerable. No specific version range is provided, so any kernel revision lacking the update may be impacted.
Risk and Exploitability
The EPSS score is < 1%, indicating a very low probability of exploitation while still making it difficult to quantify overall severity. The CVSS score is 7.8, reflecting a moderate to high impact. The vulnerability is not listed in the CISA KEV catalog, suggesting it is not known to be actively exploited. However, a use‑after‑free in kernel code is a high‑impact flaw; exploitation would likely require local control over batman‑adv traffic or the ability to trigger multiple shutdown paths. The risk remains significant for systems that run batman‑adv services without the patch.
OpenCVE Enrichment
Debian DLA