Linux · Linux Kernel · CVE-2014-9428
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions through 3.18.1
**Description**
The issue is related to the batadv frag merge packets function in the B.A.T.M.A.N. implementation, which uses an incorrect length field during a calculation of an amount of memory. This allows remote attackers to cause a denial of service, resulting in a mesh-node system crash via fragmented packets.
**Recommendations**
For Linux kernel versions through 3.18.1, update to a version newer than 3.18.1 to resolve the issue.
As a temporary workaround, consider restricting access to the batadv frag merge packets function until a patch is available.