CVE-2026-46198
Published: May 28, 2026
Modified: Jun 1, 2026
CVSS v3.1
8.8
Description
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix integer overflow on buff_pos Fixing an integer overflow present in batadv_iv_ogm_send_to_if. The size check is done using the int type in batadv_iv_ogm_aggr_packet whereas the buff_pos variable uses the s16 type. This could lead to an out-of-bound read.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected c6c8fea29769d998d94fcec9b9f14d4b52b349d3 - < 867cd090760e8f5cd206f387b47ff9c56fac04e9affected c6c8fea29769d998d94fcec9b9f14d4b52b349d3 - < 10bb1f366d884d506c38a947b43026a75d1afe9aaffected c6c8fea29769d998d94fcec9b9f14d4b52b349d3 - < 96c9c0ed9a9579a9085765aceaa4556a6666eb82affected c6c8fea29769d998d94fcec9b9f14d4b52b349d3 - < f61499359fa529f0d45a53bf7c573a49eb6322e6affected c6c8fea29769d998d94fcec9b9f14d4b52b349d3 - < 974542d1efc48b7e9fe16184e647615cba39969b+3 more versions |
Linux | Linux | affected 2.6.38unaffected 0 - < 2.6.38unaffected 5.10.258 - <= 5.10.*unaffected 5.15.209 - <= 5.15.*unaffected 6.1.175 - <= 6.1.*+5 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now