CVE-2026-46233 Linux CVE debrief

Who should care

Organizations running Linux kernels with batman-adv enabled, particularly mesh network deployments using Bridge Loop Avoidance. Relevant to network administrators, kernel maintainers, and security teams monitoring Linux networking subsystems.

Technical summary

The batman-adv mesh networking subsystem's Bridge Loop Avoidance (BLA) code contains a use-after-free adjacent vulnerability leading to NULL pointer dereference. The batadv_bla_purge_claims() function iterates over claim hash entries using RCU read-side critical sections without holding references to individual claims. Concurrent claim release via batadv_claim_put() → batadv_claim_release() can zero the backbone_gw pointer and schedule RCU-delayed freeing. If purge_claims() encounters such a claim before RCU grace period expires, calling batadv_bla_claim_get_backbone_gw() dereferences NULL. The resolution adds reference counting validation to skip claims already undergoing release.

Defensive priority

medium

Recommended defensive actions

• Apply kernel patches from stable branches when available for your distribution
• Monitor distribution security advisories for batman-adv package updates
• If batman-adv BLA is not required, consider disabling the feature as a temporary mitigation
• Review kernel logs for batman-adv related oops messages that may indicate exploitation attempts

Evidence notes

Vulnerability description sourced from official CVE record published 2026-05-28. Patch commits identified in NVD references for multiple stable kernel branches. No CVSS score or severity assigned by NVD at time of publication (status: Awaiting Analysis). Vendor attribution marked low confidence by source system due to 'Kernel' domain candidate; Linux kernel is the affected product.

Official resources