CVE-2026-46238 | batman-adv: stop caching unowned originator pointers in BAT IV

In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop caching unowned originator pointers in BAT IV BAT IV keeps the last-hop neighbor address in each neigh_node, but some paths also cache an originator pointer derived from a temporary lookup. That pointer is not owned by the neigh_node and may no longer refer to a live originator entry after purge handling runs. Stop storing the auxiliary originator pointer in the BAT IV neighbor state. When BAT IV needs the neighbor originator data, resolve it from the stored neighbor address and drop the reference again after use. [sven: avoid bonding logic for outgoing OGM]

Published: 2026-05-28 Last update: 2026-06-10 Assigner: 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

NVD Status：Analyzed，CVE State: published

View at NVD, CVE.org, EUVD

Threat Intelligence & Risk Assessment for CVE-2026-46238

EPSS CVSS GHSA Affected OS Tracker

Conclusion & alert: CVE-2026-46238 is rated Moderate Risk (41.6/100): CVSS High severity, with low exploitation likelihood (EPSS 0.27%). Mandatory action: Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2026-46238

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	0.02%	0.27%	+0.25%
2	2026-05-28	—	0.02%	—

Full EPSS history (2 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2026-46238

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
8.8	3.1	HIGH	`CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` Click to expand Attack vector (AV:A) Attacker has to be nearby on the network—same office, same link, that vibe—not the whole wide internet. Attack complexity (AC:L) Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:H) They could widely tamper with or forge data—trust in the data is badly hurt. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	2.8	5.9	416baaa9-dc9f-4396-8d5f-8c081fb06d67

Weakness enumeration for CVE-2026-46238

GitHub Security Advisory for CVE-2026-46238

GHSA-vhmf-xjjg-5pxr · Severity: high — In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop caching...

OS Trackers for CVE-2026-46238

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2026-46238 not yet assigned priority: Debian including 1 source packages (linux), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 3, open 2.	https://security-tracker.debian.org/tracker/CVE-2026-46238
`redhat`	—	—	https://access.redhat.com/security/cve/CVE-2026-46238
`suse`	—	—	https://www.suse.com/security/cve/CVE-2026-46238/
`ubuntu`	medium	CVE-2026-46238 medium priority: Ubuntu including 158 source packages (linux, linux-allwinner-5.19, …), 1422 status rows across 9 suites (bionic, focal, jammy, noble, questing, resolute, trusty, upstream, xenial): DNE 1024, ignored 173, needed 141, released 84.	https://ubuntu.com/security/CVE-2026-46238

Affected software / configurations for CVE-2026-46238

Vendor	Product	Version	Raw CPE
linux	linux_kernel	>= 2.6.38, < 5.10.258	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 5.11, < 5.15.209	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 5.16, < 6.1.175	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 6.2, < 6.6.140	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 6.7, < 6.12.90	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 6.13, < 6.18.32	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	>= 6.19, < 7.0.9	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	7.1	cpe:2.3:o:linux:linux_kernel:7.1:rc1::::::
linux	linux_kernel	7.1	cpe:2.3:o:linux:linux_kernel:7.1:rc2::::::
linux	linux_kernel	7.1	cpe:2.3:o:linux:linux_kernel:7.1:rc3::::::

References for CVE-2026-46238

URL	Tags
https://git.kernel.org/stable/c/09dc0d1a12222ffca6481916eab3cfea477b9620	Patch
https://git.kernel.org/stable/c/384e3050a42be9085d50507b4d5f8266a588d742	Patch
https://git.kernel.org/stable/c/67bceeb22207f1f5a402973a3a0809e5f2698f38	Patch
https://git.kernel.org/stable/c/6e20700f8c524ac379ba8274ff5d453023b7c006	Patch
https://git.kernel.org/stable/c/86b2b58d7c228d850c8c78e4144e6123e8ed2718	Patch
https://git.kernel.org/stable/c/8c16c68fdbb69778f8d04f650340c3f4d1518f8e	Patch
https://git.kernel.org/stable/c/aafcbaf1159ea224528ca4075d0ba8c10ef374af	Patch
https://git.kernel.org/stable/c/f03e8583532941b07761c5429de7d50766fa3110	Patch

cvelogic Threat Intelligence