PT-2026-35009 · Linux · Linux Kernel

Published 2026-04-24 · Updated 2026-05-03 · CVE-2026-31657

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)

Description
In the batman-adv module, the function batadv_bla_add_claim() can replace claim->backbone_gw and drop the last reference of the old gateway while readers are still following the pointer. The netlink claim dump path dereferences claim->backbone_gw->orig and takes claim->backbone_gw->crc_lock without pinning the underlying backbone gateway. Additionally, the function batadv_bla_check_claim() utilizes the same naked pointer access pattern.
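
The interleaving from the description, replayed deterministically in a userspace C model: a reader loads the gateway pointer, the writer swaps it and drops the last reference, and the reader then uses what it loaded. This is an added example, not kernel code or the upstream fix; `struct gw`, `struct claim`, `stale_after_replace()` and the other names are hypothetical, and the model sets a `released` flag where the kernel would free the object.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model with hypothetical names; this is not kernel code. */
struct gw { int refs; int released; };    /* released stands in for the free */
struct claim { struct gw *backbone_gw; }; /* owns one reference on the gateway */

static struct gw *gw_new(void)
{
    struct gw *g = calloc(1, sizeof(*g));
    if (!g) abort();
    g->refs = 1;
    return g;
}

static void gw_put(struct gw *g)
{
    if (--g->refs == 0) g->released = 1;  /* last reference gone */
}

/* Writer: install a new gateway and drop the claim's reference on the old one. */
static void claim_replace_gw(struct claim *c, struct gw *new_gw)
{
    struct gw *old = c->backbone_gw;
    new_gw->refs++;
    c->backbone_gw = new_gw;
    gw_put(old);
}

/* One reader and one writer, replayed in the problematic order. pin == 0: the
 * reader borrows the bare pointer; pin == 1: it takes its own reference first
 * (real code must do load + get under the lock that also guards the swap).
 * Returns 1 if the gateway was released while the reader still held it. */
static int stale_after_replace(int pin)
{
    struct gw *a = gw_new(), *b = gw_new();
    struct claim c = { .backbone_gw = a };
    struct gw *seen = c.backbone_gw;      /* reader loads the pointer */
    if (pin) seen->refs++;                /* reader pins the gateway */
    claim_replace_gw(&c, b);              /* writer runs in between */
    int stale = seen->released;           /* reader's dereference point */
    if (pin) gw_put(seen);                /* reader drops its pin */
    free(a); free(b);
    return stale;
}

int main(void)
{
    printf("naked: %d, pinned: %d\n", stale_after_replace(0), stale_after_replace(1));
    return 0;
}
```
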

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2026-31657
ECHO-3B89-A04B-E497

Affected Products

Linux Kernel