Impact
The batman‑adv networking module contains a flaw where the function batadv_dat_forward_data() duplicates an skb for each DHT candidate by calling pskb_copy_for_clone() but fails to test whether the allocation succeeded. When the allocation fails, the skb passed to batadv_send_skb_prepare_unicast_4addr() is NULL panic. The vulnerability is classified as CWE‑252 (Unchecked Return Value) and results in a denial‑of‑service condition whenever it is exercised.
Affected Systems
This issue affects all Linux kernel releases that include the batman‑adv driver before the commit that introduced the NULL‑check. The attack surface is the network stack handling mesh networking traffic on machines that have batman‑adv enabled. No specific kernel version range is listed in the advisory; however, any kernel version containing batman‑adv prior to the patch is considered vulnerable.
Risk and Exploitability
Based on the description, it is inferred that an attacker could trigger the bug by sending a crafted packet that forces memory allocation failure during forwarding, so the attack vector is network‑based packet injection. The EPSS score of <1% indicates a very low chance of real‑world exploitation7.5 reflects a high severity, and the vulnerability is not listed in the CISA KEV catalog, suggesting that there are no known widespread attacks. Nonetheless, Internet developers must treat the kernel crash as a critical denial‑of‑service risk for affected systems.
OpenCVE Enrichment
Debian DLA