CVE-2026-46198 Linux CVE debrief

Who should care

Organizations deploying Linux-based mesh networks using batman-adv, wireless ISPs, community network operators, and enterprises using B.A.T.M.A.N. protocol for decentralized network infrastructure.

Technical summary

The batman-adv kernel module implements the B.A.T.M.A.N. mesh routing protocol. The vulnerability stems from inconsistent integer typing: `buff_pos` uses `s16` while aggregation size checks use `int`. When processing aggregated OGM packets, this discrepancy can cause signed 16-bit overflow, resulting in negative buffer positions that bypass bounds checks and enable out-of-bounds memory access. The fix involves aligning type usage or adding proper overflow validation in the aggregation packet handling path.

Defensive priority

medium

Recommended defensive actions

• Review kernel version and confirm batman-adv module usage in network infrastructure
• Apply kernel updates from distribution security channels when available
• Monitor stable kernel git commits for backported fixes to currently deployed versions
• Consider disabling batman-adv kernel module if mesh networking functionality is not required
• Validate network segmentation to limit exposure of batman-adv-enabled systems

Evidence notes

The vulnerability description indicates a type mismatch between `s16 buff_pos` and `int` size checks in batman-adv's OGM aggregation handling. Multiple stable kernel branch commits are referenced, suggesting coordinated fixes across supported kernel versions. The NVD entry status is 'Awaiting Analysis' as of the source publication date.

Official resources