Impact
A wrap‑around bug in batman‑adv’s TVLV packet builder can cause the kernel to allocate a buffer that is smaller than required. When the data is copied, bytes write beyond the end of the allocated area, corrupting kernel memory. This corruption can lead to kernel crashes or, in a more capable attacker scenario, arbitrary code execution with kernel privileges. The flaw is a classic integer‑overflow to buffer‑overflow issue. The description explicitly states a memory corruption outcome without naming a specific exploit or a denial‑of‑service effect, but the nature of the bug suggests the potential for privilege escalation if an attacker can craft a packet to reach the vulnerable code.
Affected Systems
All Linux kernel installations that include the batman‑adv networking module are impacted. No specific kernel or module version is listed; the bug exists wherever the current batman‑adv code path is compiled into the system.
Risk and Exploitability
The EPSS score is less than 1%, and the CVSS score is 8.8, indicating high severity. KEV is not listed. Based on the description, an attacker can trigger the vulnerability by sending oversized TVLV packets from another node in a batman‑adv mesh network. The likely attack vector is a malicious peer within the mesh. An attacker with network access to the mesh can construct such packets, potentially causing a memory corruption that could be leveraged for privilege escalation or a denial‑of‑service if the kernel crashes. The absence of a KEV listing suggests it has not been observed in the wild yet, but the severity of the underlying flaw warrants prompt attention.
OpenCVE Enrichment
Debian DLA