CVE-2026-46212
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel within the batman-adv module, concerning improper memory management during the deletion of claims. The issue can lead to a use-after-free situation, potentially resulting in unpredictable system behavior.
Risk Assessment
This vulnerability may lead to system crashes or allow an attacker to execute unauthorized code in the kernel context, posing a serious threat to system stability and security.
Recommendation
It is recommended to update the Linux kernel to the latest version where this vulnerability has been fixed to minimize the risk associated with its exploitation.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: prevent use-after-free when deleting claims When batadv_bla_del_backbone_claims() removes all claims for a backbone, it does this by dropping the link entry in the hash list. This list entry itself was one of the references which need to be dropped at the same time via batadv_claim_put(). But the batadv_claim_put() must not be done before the last access to the claim object in this function. Otherwise the claim might be freed already by the batadv_claim_release() function before the list entry was dropped.

