15 matches found
CVE-2026-52922 batman-adv: dat: handle forward allocation error
In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward allocation error batadvdatforwarddata calls pskbcopyforclone to duplicate an skb for each DHT candidate, but does not check the return value before passing it to batadvsendskbprepareunicast4addr...
CVE-2026-52922
In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward allocation error batadvdatforwarddata calls pskbcopyforclone to duplicate an skb for each DHT candidate, but does not check the return value before passing it to batadvsendskbprepareunicast4addr...
batman-adv: stop tp_meter sessions during mesh teardown
...
CVE-2026-46212
A flaw was found in the batman-adv component of the Linux kernel. This vulnerability, a use-after-free, occurs during the process of deleting backbone claims. If exploited, this memory corruption issue could allow an attacker to cause a system crash, leading to a denial of service, or potentially...
EUVD-2026-32756
In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop caching unowned originator pointers in BAT IV BAT IV keeps the last-hop neighbor address in each neighnode, but some paths also cache an originator pointer derived from a temporary lookup. That pointer is not own...
CVE-2026-46238
In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop caching unowned originator pointers in BAT IV BAT IV keeps the last-hop neighbor address in each neighnode, but some paths also cache an originator pointer derived from a temporary lookup. That pointer is not own...
CVE-2026-46233
CVE-2026-46233 affects the Linux kernel batman-adv component (batadv_bla_purge_claims). The issue arises when iterating the claims list with an rcu_read_lock() and encountering a claim being released, potentially setting backbone_gw to NULL before the delayed kfree, making batadv_bla_claim_get_ba...
CVE-2026-46231
In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: put backbone reference on failed claim hash insert When batadvblaaddclaim fails to insert a new claim into the hash, it leaked a reference to the backbonegw for which the claim was intended. Call...
EUVD-2026-32839
In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: prevent use-after-free when deleting claims When batadvbladelbackboneclaims removes all claims for a backbone, it does this by dropping the link entry in the hash list. This list entry itself was one of the...
PT-2026-44361
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the batman-adv module, BAT IV caches an originator pointer in each neigh node derived from a temporary lookup. This pointer is not owned by the neigh node and may refer to an invalid...
CVE-2026-43382
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid double-rtnllock ELP metric worker batadvvelpgetthroughput might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via canceldelayedworksync in...
UBUNTU-CVE-2026-43382
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid double-rtnllock ELP metric worker batadvvelpgetthroughput might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via canceldelayedworksync in...
CVE-2026-31683 batman-adv: avoid OGM aggregation when skb tailroom is insufficient
In the Linux kernel, the following vulnerability has been resolved: batman-adv: avoid OGM aggregation when skb tailroom is insufficient When OGM aggregation state is toggled at runtime, an existing forwarded packet may have been allocated with only packetlen bytes, while a later packet can still ...
SUSE CVE-2025-21781
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix panic during interface removal Reference counting is used to ensure that batadvhardifneighnode and batadvhardiface are not freed before/during batadvvelpthroughputmetricupdate work is finished. But there isn't a...
CLSA-2024-1716980150 Fix of 12 CVEs
CVE-url: https://ubuntu.com/security/CVE-2024-26929 - scsi: qla2xxx: Fix double free of fcport CVE-url: https://ubuntu.com/security/CVE-2024-35997 - HID: i2c-hid: remove I2CHIDREADPENDING flag to prevent lock-up CVE-url: https://ubuntu.com/security/CVE-2023-52752 - smb: client: fix use-after-free...