Linux EUVD-2026-25552

| CVE-2026-31659 CRITICAL
2026-04-24 Linux GHSA-8jfv-frvf-4g4v
Information Disclosure Linux
9.8
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
CVSS changed
Apr 27, 2026 - 15:22 NVD
9.8 (CRITICAL)
Patch available
Apr 24, 2026 - 16:16 EUVD

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: reject oversized global TT response buffers

batadv_tt_prepare_tvlv_global_data() builds the allocation length for a global TT response in 16-bit temporaries. When a remote originator advertises a large enough global TT, the TT payload length plus the VLAN header offset can exceed 65535 and wrap before kmalloc().

The full-table response path still uses the original TT payload length when it fills tt_change, so the wrapped allocation is too small and batadv_tt_prepare_tvlv_global_data() writes past the end of the heap object before the later packet-size check runs.

Fix this by rejecting TT responses whose TVLV value length cannot fit in the 16-bit TVLV payload length field.

Analysis

In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buffers batadv_tt_prepare_tvlv_global_data() builds the allocation length for a global TT response in 16-bit temporaries. When a remote originator advertises a large enough global TT, the TT payload length plus the VLAN header offset can exceed 65535 and wrap before kmalloc(). …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

More from same product – last 7 days

CVE-2026-31669 CRITICAL
9.8 Apr 24

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in __inet_lookup_est
CVE-2026-31649 CRITICAL
9.8 Apr 24

Integer underflow in Linux kernel stmmac network driver allows kernel memory disclosure and potential corruption via cra
CVE-2026-31657 CRITICAL
9.8 Apr 24

Use-after-free in Linux kernel batman-adv (B.A.T.M.A.N. Advanced mesh networking) allows remote network attackers to tri
CVE-2026-31668 CRITICAL
9.8 Apr 24

In the Linux kernel, the following vulnerability has been resolved: seg6: separate dst_cache for input and output paths
CVE-2026-31589 CRITICAL
9.8 Apr 24

Use-after-free in Linux kernel memory management allows remote code execution when the folio_unmap_invalidate() function

Share

EUVD-2026-25552 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy