Skip to main content

Linux Kernel EUVDEUVD-2026-32858

| CVE-2026-46231 MEDIUM
2026-05-28 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-3m8h-6hx2-2479
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local access and low privileges required due to batman-adv BLA configuration dependency; impact is availability-only via memory exhaustion, no confidentiality or integrity effect.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
6.5 MEDIUM
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 10, 2026 - 21:40 vuln.today
CVSS changed
Jun 10, 2026 - 21:22 NVD
5.5 (MEDIUM)
Patch available
May 28, 2026 - 12:01 EUVD
CVE Published
May 28, 2026 - 10:16 nvd
MEDIUM 5.5
CVE Published
May 28, 2026 - 10:16 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: bla: put backbone reference on failed claim hash insert

When batadv_bla_add_claim() fails to insert a new claim into the hash, it leaked a reference to the backbone_gw for which the claim was intended. Call batadv_backbone_gw_put() on the error path to release the reference and avoid leaking the backbone_gw object.

AnalysisAI

Reference counting failure in the Linux kernel's batman-adv Bridge Loop Avoidance (BLA) subsystem allows a local low-privileged user to cause a slow kernel memory leak and eventual denial of service. Specifically, batadv_bla_add_claim() omits the required batadv_backbone_gw_put() call on the error path when a claim hash insertion fails, preventing the backbone_gw object's reference count from ever reaching zero. The vulnerability has been present since at least kernel 4.7 and is patched across multiple stable branches; no public exploit exists and EPSS is extremely low at 0.02% (5th percentile), placing this firmly in the low-urgency tier except for environments actively running batman-adv with BLA.

Technical ContextAI

The flaw resides in the batman-adv (Better Approach To Mobile Adhoc Networking Advanced) kernel module, a layer-2 mesh networking protocol implementation used in wireless mesh deployments. The specific component is BLA (Bridge Loop Avoidance), which prevents broadcast storms and duplicate frame delivery in bridged mesh networks. The function batadv_bla_add_claim() manages the association between BLA claims and their corresponding backbone gateway objects (backbone_gw); each such object is reference-counted. When inserting a new claim into the hash table fails - for instance under memory pressure or due to an internal hash collision - the normal cleanup path does not invoke batadv_backbone_gw_put(), leaving the backbone_gw reference count elevated. The object can then never be freed, constituting a classic CWE-772/CWE-401 (Missing Release of Resource after Effective Lifetime) defect. CPE data confirms the affected product as cpe:2.3:o:linux:linux_kernel across multiple version ranges starting from kernel 4.7.

RemediationAI

The primary fix is to upgrade to a patched Linux kernel: 6.6.140, 6.12.90, 6.18.32, 7.0.9, or 7.1-rc4, depending on which stable branch your distribution tracks. Upstream fix commits are available at https://git.kernel.org/stable/c/fd0ca034c1e71ca7613cde9dd892836b2c2831bd, https://git.kernel.org/stable/c/0baf4b659cdc7305cf685b5a5d60f9e3816ab5d0, https://git.kernel.org/stable/c/65419eb4259a26a3cd3f56fa0e3b3c113bf8c256, https://git.kernel.org/stable/c/ba9d20ee9076dac32c371116bacbe72480eb356c, and additional stable-branch equivalents. Distribution users should apply their vendor's latest kernel security update. Where immediate patching is not feasible, disabling BLA by setting the batman-adv module parameter bridge_loop_avoidance=0 eliminates the vulnerable code path with no side effects on deployments that do not use BLA, though it will remove loop-avoidance protection in bridged mesh topologies. If batman-adv is entirely unused, unloading the module (rmmod batman_adv) is a safe and complete mitigation until a patched kernel is applied.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected

Share

EUVD-2026-32858 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy