CVE-2026-46233 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: only purge non-released claims When batadv_bla_purge_claims() goes through the list of claims, it is only traversing the hash list with an rcu_read_lock(). Due to a potential parallel batadv_claim_put(), it can happen that it encounters a claim which was actually in the process of being released+freed by batadv_claim_release(). In this case, backbone_gw is set to NULL before the delayed RCU kfree is started. Calling batadv_bla_claim_get_backbone_gw() is then no longer allowed because it would cause a NULL-ptr derefence. To avoid this, only claims with a valid reference counter must be purged. All others are already taken care of.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/7b7ebb7222a5524ce58e48cc9c6d688320ea6cfe
https://git.kernel.org/stable/c/7b8fbcee3184d848b5aee085ca16d0cf05c9b641
https://git.kernel.org/stable/c/ab3dbd07a809a8eb30c7ddfab9ac886ed30dce8d
https://git.kernel.org/stable/c/b65365d2b1e6095c538d49baeb140dd1c166c1b3
https://git.kernel.org/stable/c/cf6b604011591865ae39ac82de8978c1120d17af

History

Thu, 28 May 2026 10:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: only purge non-released claims When batadv_bla_purge_claims() goes through the list of claims, it is only traversing the hash list with an rcu_read_lock(). Due to a potential parallel batadv_claim_put(), it can happen that it encounters a claim which was actually in the process of being released+freed by batadv_claim_release(). In this case, backbone_gw is set to NULL before the delayed RCU kfree is started. Calling batadv_bla_claim_get_backbone_gw() is then no longer allowed because it would cause a NULL-ptr derefence. To avoid this, only claims with a valid reference counter must be purged. All others are already taken care of.
Title		batman-adv: bla: only purge non-released claims
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/7b7ebb7222a5524ce58e48cc9c6d688320ea6cfe https://git.kernel.org/stable/c/7b8fbcee3184d848b5aee085ca16d0cf05c9b641 https://git.kernel.org/stable/c/ab3dbd07a809a8eb30c7ddfab9ac886ed30dce8d https://git.kernel.org/stable/c/b65365d2b1e6095c538d49baeb140dd1c166c1b3 https://git.kernel.org/stable/c/cf6b604011591865ae39ac82de8978c1120d17af

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-28T09:40:55.019Z

Updated: 2026-05-28T09:40:55.019Z

Reserved: 2026-05-13T15:03:33.106Z

Link: CVE-2026-46233

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-28T10:16:38.943

Modified: 2026-05-28T10:16:38.943

Link: CVE-2026-46233

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object