The batman-adv mesh networking implementation contains a logic flaw that fails to clear the selected gateway during mesh teardown. When the outbound gateway list is removed, the reference to the current gateway remains, leaving stale state across operations. This stale reference can cause subsequent mesh recreation attempts to fail or behave unpredictably, effectively disabling mesh connectivity for affected nodes. The weakness stems from improper state cleanup and is classified under CWE-416 (Use After Free) and CWE-674 (Uncontrolled Resource Consumption).

The issue is present in the Linux kernel version that includes the batman-adv networking module. All deployments utilizing the batman-adv driver in any distribution of the Linux kernel are potentially affected, regardless of distribution vendor. There is no specific product version range listed in the CNA data; the flaw exists in any kernel that has not yet applied the fix commit. The affected systems are therefore any Linux hosts running batman-adv prior to the latest available kernel release that incorporates the patch.

The CVSS score is not reported in the CVE entry, but the nature of the flaw suggests it leads to a denial of service rather than remote code execution. Exploitability is low to moderate; an attacker would need to influence the targeted node’s network state or trigger a mesh teardown event to cause the stale gateway condition. No indication is provided that this weakness is actively exploited in the wild and the EPSS score is currently unavailable, implying limited exploitation likelihood. The vulnerability is not listed in the CISA KEV catalog, further indicating that it is not recognized as a widely exploited threat at this time. The bit it is inferred that the attack vector is internal, requiring control of the mesh teardown sequence or persistent presence on the affected node to leverage the stale state for service disruption.