CVE-2026-46212

May 28, 2026, 1:44 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: prevent use-after-free when deleting claims When batadv_bla_del_backbone_claims() removes all claims for a backbone, it does this by dropping the link entry in the hash list. This list entry itself was one of the references which need to be dropped at the same time via batadv_claim_put(). But the batadv_claim_put() must not be done before the last access to the claim object in this function. Otherwise the claim might be freed already by the batadv_claim_release() function before the list entry was dropped.

Product(s) Impacted

Vendor Product Versions
Linux
  • Linux Kernel
  • Batman-adv
  • *
  • *

Weaknesses

Common security weaknesses mapped to this vulnerability.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a linux linux_kernel / / / / / / / /
a linux batman-adv / / / / / / / /

References

https://git.kernel.org/stable/c/00155f336a5e8b1006d2ca9ae7ad8fc4a44bb401
https://git.kernel.org/stable/c/0cc9847c64cb6e61118bc78c9187c8209a7197fa
https://git.kernel.org/stable/c/368449e467d5f1e2c2e987bf2bd57000ba75e10b
https://git.kernel.org/stable/c/4ae1709a314060a196981b344610d023ea841e57
https://git.kernel.org/stable/c/6c5dc6d68e6ba7f0224a757a39ed52fcdb54d472

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2026-05-28
CVE-2026-46212

Timeline

Published: May 28, 2026, 10:16 a.m.
Last Modified: May 28, 2026, 1:44 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.