CVE-2026-31683
Description
In the Linux kernel, the following vulnerability has been resolved:
batman-adv: avoid OGM aggregation when skb tailroom is insufficient
When OGM aggregation state is toggled at runtime, an existing forwarded packet may have been allocated with only packet_len bytes, while a later packet can still be selected for aggregation. Appending in this case can hit skb_put overflow conditions.
Reject aggregation when the target skb tailroom cannot accommodate the new packet. The caller then falls back to creating a new forward packet instead of appending.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In batman-adv, insufficient skb tailroom for OGM aggregation can cause a buffer overflow; fixed by checking tailroom before appending.
Vulnerability
When OGM aggregation is toggled at runtime, an existing forwarded packet may have been allocated with only packet_len bytes. If a later packet is selected for aggregation, appending can hit skb_put overflow conditions because the tailroom is insufficient.
Exploitation
An attacker on the same network can send crafted OGM packets to trigger this condition. No special privileges are required beyond the ability to send/receive batman-adv mesh traffic. The vulnerability is triggered when the aggregation state changes while forwarding packets.
Impact
A successful exploit can cause a buffer overflow in kernel memory, leading to system crash (denial of service) or potential arbitrary code execution due to memory corruption. The CVSS score of 7.8 indicates high severity.
Mitigation
The fix rejects OGM aggregation when the target skb tailroom cannot accommodate the new packet, causing the caller to create a new forward packet. Patches are available in multiple stable Linux kernel commits [1][2][3][4]. Users should update to the latest kernel version to mitigate this issue.
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
7(expand)+ 5 more
- (no CPE)
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=2.6.38,<5.10.253
- cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- git.kernel.org/stable/c/0b10a8b355c3f71012ce89289ec2c2f5e3bfd6c1nvdPatch
- git.kernel.org/stable/c/0d4aef630be9d5f9c1227d07669c26c4383b5ad0nvdPatch
- git.kernel.org/stable/c/0e35db29fc5a97a8553f7c2d3a2ba730e46b1ee8nvdPatch
- git.kernel.org/stable/c/1ada20331f2df2a942d6b83ae1f04a304b642e2anvdPatch
- git.kernel.org/stable/c/67176c96f325837b0bb3e9538ca2eba414f447d8nvdPatch
- git.kernel.org/stable/c/6755347c5f9bdd44dee80f692208b056fcd40a52nvdPatch
- git.kernel.org/stable/c/6e40ebb999c2c3d2fbb3cacb61f0384ee6e69075nvdPatch
- git.kernel.org/stable/c/eda89a1bae0602aec8314ced299bb243b9f9aeefnvdPatch
News mentions
1- Siemens SIMATICCISA Alerts