Linux Kernel CVE-2026-31657

EUVD-2026-25550 | CRITICAL | CVSS 3.1: 9.8
NULL Pointer Dereference (CWE-476)
2026-04-24 | Linux | GHSA-w24x-3wrx-8q34

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Apr 27, 2026 - 20:22 (vuln.today): Re-analysis Queued (cvss_changed)
Apr 27, 2026 - 15:41 (vuln.today): Analysis Generated
Apr 27, 2026 - 15:22 (NVD): CVSS changed, 9.8 (CRITICAL)
Apr 24, 2026 - 16:16 (EUVD): Patch available

Description (NVD)

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: hold claim backbone gateways by reference

batadv_bla_add_claim() can replace claim->backbone_gw and drop the old gateway's last reference while readers still follow the pointer.

The netlink claim dump path dereferences claim->backbone_gw->orig and takes claim->backbone_gw->crc_lock without pinning the underlying backbone gateway. batadv_bla_check_claim() still has the same naked pointer access pattern.

Reuse batadv_bla_claim_get_backbone_gw() in both readers so they operate on a stable gateway reference until the read-side work is complete. This keeps the dump and claim-check paths aligned with the lifetime rules introduced for the other BLA claim readers.
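
The lifetime rule described above, as an added userspace model (not the kernel patch and not batman-adv source): a reader that follows the claim's gateway pointer without a reference finds the object already released once the writer swaps it, while a reader that pins it first does not. The struct and function names are hypothetical, and the race is replayed as one fixed interleaving in a single thread.

```c
#include <stdio.h>

/* Constructed single-threaded model; names are hypothetical, not kernel code. */
struct gw { int refs; int alive; };            /* stands in for a backbone gateway */
struct claim { struct gw *backbone_gw; };      /* claim owns one reference to its gateway */
struct outcome { int live_at_use; int released_at_end; };

/* Drop one reference; the last put ends the object's life (kernel code would free it). */
static void gw_put(struct gw *g) { if (--g->refs == 0) g->alive = 0; }

/* Pin the current gateway. Real concurrent code needs a lock around the
 * load-and-increment and an atomic counter (assumption of this model). */
static struct gw *claim_get_gw(struct claim *c)
{
    struct gw *g = c->backbone_gw;
    g->refs++;
    return g;
}

/* Writer: point the claim at a new gateway and drop its reference to the old one. */
static void claim_replace_gw(struct claim *c, struct gw *new_gw)
{
    struct gw *old = c->backbone_gw;
    new_gw->refs++;
    c->backbone_gw = new_gw;
    gw_put(old);
}

/* Reader races with the writer; the interleaving is fixed: load, replace, use. */
static struct outcome scenario(int pinned)
{
    struct gw old_gw = { 1, 1 }, new_gw = { 1, 1 };   /* old_gw: claim holds the only ref */
    struct claim c = { &old_gw };
    struct outcome o;
    struct gw *g = pinned ? claim_get_gw(&c) : c.backbone_gw;

    claim_replace_gw(&c, &new_gw);     /* writer runs while the reader holds g */
    o.live_at_use = g->alive;          /* reader follows g, as the dump path would */
    if (pinned)
        gw_put(g);                     /* read-side work done: release the pin */
    o.released_at_end = !old_gw.alive;
    return o;
}

int main(void)
{
    printf("naked reader:  gateway live at use = %d\n", scenario(0).live_at_use);
    printf("pinned reader: gateway live at use = %d\n", scenario(1).live_at_use);
    return 0;
}
```

In both runs the old gateway is released by the end; the pin only moves the release to after the reader has finished with it.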

Analysis (AI)

Use-after-free in Linux kernel batman-adv (B.A.T.M.A.N. Advanced mesh networking) allows remote network attackers to trigger memory corruption and potentially execute arbitrary code. …
