CVE-2026-31657 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: April 27, 2026
Linux kernel batman-adv - Use After Free
Overview
The Linux kernel's batman-adv module contains a use-after-free vulnerability caused by improper reference handling of backbone gateways in batadv_bla_add_claim and related functions. It lets attackers cause memory corruption or denial of service; exploitation requires kernel-level access.
Impact
Attackers with kernel access can cause memory corruption or denial of service by exploiting improper reference handling.
Mitigation
Update to the latest Linux kernel version containing the fix.
References
- https://git.kernel.org/stable/c/1f2dc36c297d27733f1b380ea644cf15a361bd7b
- https://git.kernel.org/stable/c/2f55b58b5a0bbed192d60c444a45a49cdf1b545f
- https://git.kernel.org/stable/c/4dee4c0688443aaf5bbec74aa203c851d1d53c35
- https://git.kernel.org/stable/c/7962b522222628596ca9ecc8722efc95367aadbd
- https://git.kernel.org/stable/c/82d8701b2c930d0e96b0dbc9115a218d791cb0d2
- https://git.kernel.org/stable/c/f4858832ddef2f39f21e30b7226bbcd3c4b2bc96
Social Media Activity (1 post)
CVE-2026-31657 - Critical (9.8) In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadv_bla_add_claim() can replace claim->backbone_gw and drop the old gateway's last reference while readers still follow ... https://www.thehackerwire.com/vulnerability/CVE-2026-31657/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-31657
- Severity: Critical
- CVSS Score: 9.8
- Type: use_after_free
- Status: unconfirmed
- EPSS: 5.7%
- Social Posts: 1
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H