CVE-2026-46231
Published: June 2, 2026Last modified: June 24, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: put backbone reference on failed claim hash insert When batadv_bla_add_claim() fails to insert a new claim into the hash, it leaked a reference to the backbone_gw for which the claim was intended. Call batadv_backbone_gw_put() on the error path to release the reference and avoid leaking the backbone_gw object.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.175-r0) |
| 25 LTS | linux-lts | Fixed (6.12.92-r0) | |
| Stream | linux-lts | Fixed (6.18.35-r1) |
References
- https://git.kernel.org/stable/c/0baf4b659cdc7305cf685b5a5d60f9e3816ab5d0
- https://git.kernel.org/stable/c/2888c9a154123db0254ae4fb9bea570c7e1f2e06
- https://git.kernel.org/stable/c/65419eb4259a26a3cd3f56fa0e3b3c113bf8c256
- https://git.kernel.org/stable/c/6c8b68a7ed667a63aa603ba4d3a7088be143007e
- https://git.kernel.org/stable/c/769f413d374ff2b6ff6d8d8c37b4c1178e6cdf14
- https://git.kernel.org/stable/c/7cccf4eb4f96d3c3af91a00b7a9caa652439542e
- https://git.kernel.org/stable/c/ba9d20ee9076dac32c371116bacbe72480eb356c
- https://git.kernel.org/stable/c/fd0ca034c1e71ca7613cde9dd892836b2c2831bd