Impact
The batman-adv tp_meter module contains a flaw where receiving a malicious ACK packet while acting as a receiver causes the code to access sender-only members that were never initialized, leading to undefined behaviour. This can result in a crash, memory corruption, or other unintended effects; whether it allows code execution or privilege escalation is not confirmed in the CVE data and is inferred from the undefined behaviour.
Affected Systems
Any Linux system that runs a kernel containing the batman-adv subsystem and participates in a tp_meter session is potentially affected. No specific kernel release is disclosed, so all builds that include the unpatched code are vulnerable.
Risk and Exploitability
The CVSS score is 9.8. The EPSS score of the vulnerability is < 1%, indicating a very low exploitation probability and it is not listed in CISA KEV. It is a kernel-space flaw, indicating high potential impact. An attacker must send a crafted ACK packet over a tp_meter session, which requires either proximity on the mesh network or participation in a tp_meter session; this requirement is inferred from the attack path. Triggering the flaw causes undefined behaviour that could lead to a crash or memory corruption. Whether such corruption could be leveraged for privilege escalation or code execution is not established in the CVE data and is inferred from the undefined behaviour. The overall risk for environments using batman-adv without the patch remains high.
OpenCVE Enrichment
Debian DLA