CVE-2026-31657
9.8 CRITICALIn the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadv_bla_ad...
Published: 2026-04-24 · Last updated: 2026-06-01
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-476
Affected products
| Vendor | Product |
|---|---|
| linux | linux_kernel |
Description
In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadv_bla_add_claim() can replace claim->backbone_gw and drop the old gateway's last reference while readers still follow the pointer. The netlink claim dump path dereferences claim->backbone_gw->orig and takes claim->backbone_gw->crc_lock without pinning the underlying backbone gateway. batadv_bla_check_claim() still has the same naked pointer access pattern. Reuse batadv_bla_claim_get_backbone_gw() in both readers so they operate on a stable gateway reference until the read-side work is complete. This keeps the dump and claim-check paths aligned with the lifetime rules introduced for the other BLA claim readers.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-31657
- [Patch]https://git.kernel.org/stable/c/1f2dc36c297d27733f1b380ea644cf15a361bd7b
- [Patch]https://git.kernel.org/stable/c/2f55b58b5a0bbed192d60c444a45a49cdf1b545f
- [Patch]https://git.kernel.org/stable/c/4dee4c0688443aaf5bbec74aa203c851d1d53c35
- [Other]https://git.kernel.org/stable/c/5202f071b367ffbc8e279fc7a00db14f5e587f52
- [Other]https://git.kernel.org/stable/c/69d1ce9c72eca91203ffdb8d08bacd511100aec6
- [Patch]https://git.kernel.org/stable/c/7962b522222628596ca9ecc8722efc95367aadbd
- [Patch]https://git.kernel.org/stable/c/82d8701b2c930d0e96b0dbc9115a218d791cb0d2
- [Patch]https://git.kernel.org/stable/c/f4858832ddef2f39f21e30b7226bbcd3c4b2bc96
Related CVEs
Same vendor
- CVE-2026-46273 — In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapt... (8.6 HIGH)
- CVE-2026-46272 — In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode ... (4.7 MEDIUM)
- CVE-2026-46271 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi... (7.8 HIGH)
- CVE-2026-46270 — In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in power_supply_changed() ... (8.4 HIGH)
- CVE-2026-46269 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix NULL pointer dereference when parsing dev... (5.5 MEDIUM)
Same CWE
- CVE-2026-53463 — ImageMagick is free and open-source software used for editing and manipulating digital images (4.3 MEDIUM)
- CVE-2026-24716 — A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions
- CVE-2026-22899 — A NULL pointer dereference vulnerability has been reported to affect File Station 6
- CVE-2025-66281 — A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions
- CVE-2025-62850 — A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions