CVE-2026-46208
Published: May 28, 2026
Modified: May 30, 2026
CVSS v3.1
7.8
Description
In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tp_meter sessions during mesh teardown TP meter sessions remain linked on bat_priv->tp_list after the netlink request has already finished. When the mesh interface is removed, batadv_mesh_free() currently tears down the mesh without first draining these sessions. A running sender thread or a late incoming tp_meter packet can then keep processing against a mesh instance which is already shutting down. Synchronize tp_meter with the mesh lifetime by stopping all active sessions from batadv_mesh_free() and waiting for sender threads to exit before teardown continues.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 33a3bb4a3345bb511f9c69c913da95d4693e2a4e - < 79bc0eaeef2c5797317bf2da8e3159a74d62ec47affected 33a3bb4a3345bb511f9c69c913da95d4693e2a4e - < 26dfeee8db81354bfdade155f27f9e16510ad196affected 33a3bb4a3345bb511f9c69c913da95d4693e2a4e - < 03660dab86f93319178a24667f6998526dc4355daffected 33a3bb4a3345bb511f9c69c913da95d4693e2a4e - < 8634c1dbd73adb74d40533ebb7e914efb82e71fbaffected 33a3bb4a3345bb511f9c69c913da95d4693e2a4e - < 3d3cf6a7314aca4df0a6dde28ce784a2a30d0166 |
Linux | Linux | affected 4.8unaffected 0 - < 4.8unaffected 6.6.140 - <= 6.6.*unaffected 6.12.90 - <= 6.12.*unaffected 6.18.32 - <= 6.18.*+2 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now