Kernel batadv: Stop NULL-ptr in claim purge (CVE-2026-46233)
CVE-2026-46233 Published on May 28, 2026
batman-adv: bla: only purge non-released claims
In the Linux kernel, the following vulnerability has been resolved:
batman-adv: bla: only purge non-released claims
When batadv_bla_purge_claims() goes through the list of claims, it is only
traversing the hash list with an rcu_read_lock(). Due to a potential
parallel batadv_claim_put(), it can happen that it encounters a claim which
was actually in the process of being released+freed by
batadv_claim_release(). In this case, backbone_gw is set to NULL before the
delayed RCU kfree is started. Calling batadv_bla_claim_get_backbone_gw() is
then no longer allowed because it would cause a NULL-ptr dereference.
To avoid this, only claims with a valid reference counter must be purged.
All others are already taken care of.
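The check the description calls for, as an added userspace C model (not the kernel's code or the upstream patch): the purge loop takes a reference only while the counter is non-zero and skips claims that are already being released. The struct layout, function names and the `stale` flag are hypothetical, and a single-threaded run with a constructed pre-released claim stands in for the race.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>

/* Userspace model. All names are hypothetical, not the kernel's own. */
struct gw { bool stale; };
struct claim {
    atomic_int refcount;     /* 0: release has already started */
    struct gw *backbone_gw;  /* cleared by release before the deferred free */
};

/* Take a reference only while the counter is still non-zero. */
static bool claim_get_unless_zero(struct claim *c) {
    int old = atomic_load(&c->refcount);
    while (old != 0)
        if (atomic_compare_exchange_weak(&c->refcount, &old, old + 1))
            return true;
    return false;
}

/* Drop a reference; the last put clears backbone_gw (the free is deferred). */
static void claim_put(struct claim *c) {
    if (atomic_fetch_sub(&c->refcount, 1) == 1)
        c->backbone_gw = NULL;
}

/* Returns how many claims were purged; *skipped counts released entries. */
int purge_claims(struct claim **tbl, size_t n, int *skipped) {
    int purged = 0;
    for (size_t i = 0; i < n; i++) {
        struct claim *c = tbl[i];
        if (!claim_get_unless_zero(c)) { (*skipped)++; continue; }  /* released */
        if (c->backbone_gw->stale) {  /* safe: we hold a reference */
            claim_put(c);             /* purge: drop the table's reference */
            purged++;
        }
        claim_put(c);                 /* drop our temporary reference */
    }
    return purged;
}

int main(void) {
    struct gw old_gw = { true }, live_gw = { false };
    struct claim a = { 1, &old_gw }, b = { 1, &live_gw }, c = { 1, &old_gw };
    struct claim *tbl[] = { &a, &b, &c };
    int skipped = 0;
    claim_put(&c);  /* constructed input: a parallel put already released c */
    return purge_claims(tbl, 3, &skipped) == 1 && skipped == 1 ? 0 : 1;
}
```

Without the reference check, the loop would read `c->backbone_gw->stale` on the released entry, whose `backbone_gw` is already NULL.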
Products Associated with CVE-2026-46233
Affected Versions
Linux:
- Version 23721387c409087fd3b97e274f34d3ddc0970b74 and below 7b8fbcee3184d848b5aee085ca16d0cf05c9b641 is affected.
- Version 23721387c409087fd3b97e274f34d3ddc0970b74 and below 7b7ebb7222a5524ce58e48cc9c6d688320ea6cfe is affected.
- Version 23721387c409087fd3b97e274f34d3ddc0970b74 and below b65365d2b1e6095c538d49baeb140dd1c166c1b3 is affected.
- Version 23721387c409087fd3b97e274f34d3ddc0970b74 and below ab3dbd07a809a8eb30c7ddfab9ac886ed30dce8d is affected.
- Version 23721387c409087fd3b97e274f34d3ddc0970b74 and below cf6b604011591865ae39ac82de8978c1120d17af is affected.
- Version 3.5 is affected.
- Before 3.5 is unaffected.
- Version 6.6.140, <= 6.6.* is unaffected.
- Version 6.12.90, <= 6.12.* is unaffected.
- Version 6.18.32, <= 6.18.* is unaffected.
- Version 7.0.9, <= 7.0.* is unaffected.
- Version 7.1-rc4, <= * is unaffected.