CVE-2026-46212 Linux CVE debrief

Who should care

Linux system administrators operating batman-adv mesh networks, kernel maintainers for distributions shipping batman-adv, network infrastructure teams relying on wireless mesh deployments using BLA for loop prevention

Technical summary

The vulnerability is a use-after-free condition in net/batman-adv/bridge_loop_avoidance.c. When batadv_bla_del_backbone_claims() iterates through claims to remove them for a backbone gateway, it calls batadv_claim_put() to drop the reference held by the hash list entry. However, this reference drop occurs before the final access to the claim object completes. If batadv_claim_release() executes and frees the claim memory while the function still requires access to the list entry or claim data, undefined behavior occurs. The fix reorders operations to ensure the hash list entry removal and final claim access complete before the reference count is decremented.

Defensive priority

high

Recommended defensive actions

• Apply kernel updates from official Linux stable repositories containing the identified fixes
• Verify batman-adv BLA functionality remains operational after patching
• Monitor kernel logs for memory corruption indicators on systems running batman-adv mesh networks
• Review systems using batman-adv for mesh networking deployments and prioritize patching for production infrastructure
• Consider disabling batman-adv BLA functionality temporarily if patching is not immediately feasible and the feature is not required

Evidence notes

Vulnerability description sourced from official CVE record and NVD entry. Technical details derived from kernel commit messages describing the use-after-free condition in batadv_bla_del_backbone_claims(). Five stable kernel patches identified across different release branches.

Official resources