PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46231 Linux CVE debrief

A reference counting vulnerability in the Linux kernel's B.A.T.M.A.N. Advanced (batman-adv) mesh networking subsystem could allow memory exhaustion through object leakage. The flaw occurs in the Bridge Loop Avoidance (BLA) component when batadv_bla_add_claim() fails to insert a new claim into the hash table, leaking a reference to the backbone gateway (backbone_gw) object. Without the proper reference release via batadv_backbone_gw_put(), the leaked object cannot be freed, leading to gradual memory consumption. This affects systems using batman-adv with BLA enabled, commonly deployed in wireless mesh networks and community network infrastructures. The vulnerability was resolved by adding the missing reference put call on the error path. Multiple stable kernel branches received backported fixes.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-28
Original CVE updated
2026-05-28
Advisory published
2026-05-28
Advisory updated
2026-05-28

Who should care

Organizations operating wireless mesh networks using Linux-based batman-adv deployments, particularly community networks (Freifunk, Guifi.net, Ninux), municipal wireless projects, and industrial IoT mesh infrastructures where BLA is enabled for Ethernet bridging integration.

Technical summary

The batman-adv kernel module implements the B.A.T.M.A.N. Advanced mesh routing protocol. Its Bridge Loop Avoidance (BLA) extension prevents broadcast loops when mesh nodes bridge into the same Ethernet segment. The vulnerability exists in batadv_bla_add_claim(), which manages claim entries associating MAC addresses with backbone gateways. When hash insertion fails (e.g., due to memory pressure or hash table corruption), the function previously returned without decrementing the reference count on the backbone_gw object obtained earlier. This reference leak prevents garbage collection of the backbone gateway structure, causing unbounded memory growth over time as failed claim attempts accumulate. The fix adds batadv_backbone_gw_put() on the error path before returning. The provided kernel.org stable commits indicate backports to multiple long-term support kernel branches.

Defensive priority

medium

Recommended defensive actions

  • Apply kernel updates from distribution maintainers once patches are available for your specific kernel version
  • Verify batman-adv module version and confirm BLA (Bridge Loop Avoidance) feature usage in your mesh network deployment
  • Monitor for memory pressure indicators on systems running batman-adv mesh networking
  • Review kernel changelogs for backported fixes to stable branches (5.4, 5.10, 5.15, 6.1, 6.6, 6.12 per kernel.org stable commit pattern)
  • Consider disabling BLA on non-essential mesh nodes if immediate patching is not feasible and network topology permits

Evidence notes

Vulnerability description confirms reference leak in batadv_bla_add_claim() error path. Five kernel.org stable branch commits provided as references indicate backported fixes across multiple kernel versions. No CVSS score or severity assigned by NVD at time of disclosure (status: Awaiting Analysis). Vendor identification marked low confidence with review needed; evidence points to Linux kernel based on git.kernel.org source references.

Official resources

2026-05-28