CVE-2026-31659 - Vulnerability Analysis
Critical | CVSS: 9.8 | Last Updated: April 27, 2026
Linux kernel batman-adv - Buffer Overflow
Published: April 24, 2026 | Updated: April 27, 2026 | Remote Exploitable
Overview
The Linux kernel's batman-adv module contains a heap buffer overflow caused by improper handling of oversized global TT response buffers in batadv_tt_prepare_tvlv_global_data(), which lets remote originators write past heap boundaries. Exploitation requires sending oversized TT responses.
Severity & Score
Severity: Critical
CVSS Score: 9.8
Impact
Remote attackers can cause a heap buffer overflow, potentially leading to denial of service or code execution.
Mitigation
Update to the latest Linux kernel version with the fix for oversized global TT response buffers.
References
- https://git.kernel.org/stable/c/2997f4bd1f982e7013709946e00be89b507693fa
- https://git.kernel.org/stable/c/3a359bf5c61d52e7f09754108309d637532164a6
- https://git.kernel.org/stable/c/69d61639bc7e963c3b645e570279d731e7c89062
- https://git.kernel.org/stable/c/7e5d007e0df946bffb8542fb112e0044014a5897
- https://git.kernel.org/stable/c/95c71365a2222908441b54d6f2c315e0c79fcec3
- https://git.kernel.org/stable/c/cf2199171ef799ca7270019125f4a91bd20ad4d9
- https://git.kernel.org/stable/c/de6c1dc3c7d01a152607e6fcecee4d5288283f10
- https://git.kernel.org/stable/c/f970646b9a39539d1bac86822ac78b5915455ea9
Details
- CVE ID: CVE-2026-31659
- Severity: Critical
- CVSS Score: 9.8
- Type: buffer_overflow
- Status: unconfirmed
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H