PatchSiren

CVE-2026-46206 Linux CVE debrief

A race condition in the Linux kernel's B.A.T.M.A.N. advanced (batman-adv) mesh networking subsystem could allow improper tp_meter session initialization during mesh teardown. The vulnerability exists because tp_meter sender and receiver sessions could be started after the mesh state had already transitioned away from BATADV_MESH_ACTIVE, potentially leading to use-after-free conditions or undefined behavior during cleanup. The fix adds state validation to reject new tp_meter sessions once teardown has begun.

Vendor: Linux
Product: Unknown
CVSS: HIGH 7.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-28
Original CVE updated: 2026-05-30
Advisory published: 2026-05-28
Advisory updated: 2026-05-30

Who should care

Organizations running Linux systems with batman-adv mesh networking enabled, particularly those using throughput measurement features or operating mobile ad-hoc networks in production environments.

Technical summary

The batman-adv kernel module implements the B.A.T.M.A.N. (Better Approach To Mobile Ad-hoc Networking) protocol for mesh networks. The tp_meter component provides throughput measurement capabilities between mesh nodes. A lifecycle management flaw allowed tp_meter sessions to be initiated after the mesh interface had begun teardown (mesh_state no longer BATADV_MESH_ACTIVE), creating a window where session structures could be accessed after partial cleanup. The resolution adds an explicit state check to prevent new tp_meter session creation during this vulnerable period.

Defensive priority

medium

Recommended defensive actions

  • Review kernel version and confirm batman-adv module usage in your environment
  • Apply kernel updates containing the referenced stable commits when available from your distribution
  • Monitor for kernel security advisories from your Linux distribution vendor
  • If running custom batman-adv builds, cherry-pick the relevant commit from the stable kernel tree
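
One way to carry out the first action on a host, as an added example (not part of the CVE record or the kernel tree): the function classifies batman-adv as loaded, built into the kernel, installed but not loaded, or absent. The root-prefix argument is a hypothetical convenience so the same check can be pointed at a copied or constructed filesystem tree.

```shell
#!/bin/sh
# Added example: classify batman-adv exposure for a given kernel release.
# $1 = optional root prefix (hypothetical; empty means the live system)
# $2 = optional kernel release (defaults to the running kernel)

batadv_status() {
    root="${1:-}"
    rel="${2:-$(uname -r)}"
    moddir="$root/lib/modules/$rel"

    # /proc/modules lists loaded modules; the first field is the module name,
    # which uses an underscore even though the file is batman-adv.ko.
    if [ -r "$root/proc/modules" ] &&
       awk '$1 == "batman_adv" { f = 1 } END { exit !f }' "$root/proc/modules"
    then
        echo loaded
    # modules.builtin lists code compiled into the kernel image; it cannot be
    # unloaded, so only a fixed kernel removes the affected code.
    elif grep -qs '/batman-adv\.ko' "$moddir/modules.builtin"; then
        echo builtin
    # modules.dep lists modules installed on disk; these can still be loaded
    # later, for example when a mesh interface is created.
    elif grep -qs '^[^:]*/batman-adv\.ko' "$moddir/modules.dep"; then
        echo available
    else
        echo absent
    fi
}

# Map the status to the follow-up described in the list above.
batadv_action() {
    case "$(batadv_status "$@")" in
        loaded|builtin) echo "update kernel: batman-adv code is live" ;;
        available)      echo "update kernel: module installed, not loaded" ;;
        *)              echo "no batman-adv module found for this kernel" ;;
    esac
}

echo "kernel $(uname -r): $(batadv_action)"
```

A status of available still warrants the update, since the module stays on disk until the distribution kernel package is replaced.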

Evidence notes

The vulnerability description and resolution are sourced from the official CVE record published 2026-05-28. The fix involves rejecting new tp_meter sessions when mesh_state != BATADV_MESH_ACTIVE. Multiple stable kernel commits are referenced, indicating backports to affected release branches.
