CLSA-2026-1780132171 Fix of 25 CVEs

CVE-2025-68724 - crypto: asymmetrickeys - prevent overflow in asymmetrickeygenerateid CVE-2025-68724 CVE-2025-71196 - phy: stm32-usphyc: Fix off by one in probe CVE-2025-71196 CVE-2026-23033 - dmaengine: omap-dma: fix dmapool resource leak in error paths CVE-2026-23033 CVE-2026-23049 -...

batman-adv: reject new tp_meter sessions during teardown

...

batman-adv: bla: only purge non-released claims

...

batman-adv: bla: prevent use-after-free when deleting claims

...

batman-adv: fix integer overflow on buff_pos

...

batman-adv: bla: put backbone reference on failed claim hash insert

...

SUSE CVE-2026-46198

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix integer overflow on buffpos Fixing an integer overflow present in batadvivogmsendtoif. The size check is done using the int type in batadvivogmaggrpacket whereas the buffpos variable uses the s16 type. This could...

SUSE CVE-2026-46206

In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject new tpmeter sessions during teardown Prevent tpmeter from starting new sender or receiver sessions after meshstate has left BATADVMESHACTIVE...

SUSE CVE-2026-46208

In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tpmeter sessions during mesh teardown TP meter sessions remain linked on batpriv-tplist after the netlink request has already finished. When the mesh interface is removed, batadvmeshfree currently tears down the...

SUSE CVE-2026-46212

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: prevent use-after-free when deleting claims When batadvbladelbackboneclaims removes all claims for a backbone, it does this by dropping the link entry in the hash list. This list entry itself was one of the...

SUSE CVE-2026-46231

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: put backbone reference on failed claim hash insert When batadvblaaddclaim fails to insert a new claim into the hash, it leaked a reference to the backbonegw for which the claim was intended. Call...

SUSE CVE-2026-46233

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: only purge non-released claims When batadvblapurgeclaims goes through the list of claims, it is only traversing the hash list with an rcureadlock. Due to a potential parallel batadvclaimput, it can happen that it...

Linux Distros Unpatched Vulnerability : CVE-2026-46231

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: bla: put backbone reference on failed claim hash insert When batadvblaaddclaim fails to insert a new claim into the hash, it leaked a reference to t...

Linux Distros Unpatched Vulnerability : CVE-2026-46208

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: stop tpmeter sessions during mesh teardown TP meter sessions remain linked on batpriv-tplist after the netlink request has already finished. When th...

Linux Distros Unpatched Vulnerability : CVE-2026-46206

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: reject new tpmeter sessions during teardown Prevent tpmeter from starting new sender or receiver sessions after meshstate has left BATADVMESHACTIVE...

Linux Distros Unpatched Vulnerability : CVE-2026-46238

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: stop caching unowned originator pointers in BAT IV BAT IV keeps the last-hop neighbor address in each neighnode, but some paths also cache an...

Linux Distros Unpatched Vulnerability : CVE-2026-46233

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: bla: only purge non-released claims When batadvblapurgeclaims goes through the list of claims, it is only traversing the hash list with an...

Linux Distros Unpatched Vulnerability : CVE-2026-46212

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: bla: prevent use-after-free when deleting claims When batadvbladelbackboneclaims removes all claims for a backbone, it does this by dropping the lin...

Linux Distros Unpatched Vulnerability : CVE-2026-46198

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: fix integer overflow on buffpos Fixing an integer overflow present in batadvivogmsendtoif. The size check is done using the int type in...

CVE-2026-46198

A flaw was found in the Linux kernel's batman-adv component. An integer overflow in the batadvivogmsendtoif function, specifically with the buffpos variable, can lead to an out-of-bound read. This occurs because the size check uses an int type while buffpos uses an s16 type, causing a mismatch th...