8.8

CVE-2026-52934

batman-adv: tvlv: reject oversized TVLV packets

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: tvlv: reject oversized TVLV packets

batadv_tvlv_container_ogm_append() builds a TVLV packet section from
the tvlv.container_list. The total size of this section is computed by
batadv_tvlv_container_list_size(), which sums the sizes of all registered
containers.

The return type and accumulator in batadv_tvlv_container_list_size() were
u16. If the accumulated size exceeds U16_MAX, the value wraps around,
causing the subsequent allocation in batadv_tvlv_container_ogm_append()
to be undersized. The memcpy-style copy that follows would then write
beyond the end of the allocated buffer, corrupting kernel memory.

Fix this by widening the return type of batadv_tvlv_container_list_size()
to size_t. In batadv_tvlv_container_ogm_append(), check the computed length
against U16_MAX before proceeding, and bail out as if the allocation had
failed when the limit is exceeded.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version >= 3.13 < 5.10.259
LinuxLinux Kernel Version >= 5.11 < 5.15.210
LinuxLinux Kernel Version >= 5.16 < 6.1.176
LinuxLinux Kernel Version >= 6.2 < 6.6.143
LinuxLinux Kernel Version >= 6.7 < 6.12.93
LinuxLinux Kernel Version >= 6.13 < 6.18.34
LinuxLinux Kernel Version >= 6.19 < 7.0.11
LinuxLinux Kernel Version7.1 Updaterc1
LinuxLinux Kernel Version7.1 Updaterc2
LinuxLinux Kernel Version7.1 Updaterc3
LinuxLinux Kernel Version7.1 Updaterc4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.159
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
416baaa9-dc9f-4396-8d5f-8c081fb06d67 8.8 2.8 5.9
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://git.kernel.org/stable/c/c02aa6c0c9d1bea9bb75dea362b75ad225137bae
Patch
https://git.kernel.org/stable/c/1595628a2f877d052eda18865ccf539392c47c04
Patch
https://git.kernel.org/stable/c/6448a49344e87487b61bd88cb850cd694a0f576d
Patch
https://git.kernel.org/stable/c/13493b00dd1e05a705981e052158652ea23eb482
Patch
https://git.kernel.org/stable/c/94db72e9dac202e017ee3db22c59d17e4f3bf171
Patch
https://git.kernel.org/stable/c/ede47988ac5687793745b17c1634a496a2299919
Patch
https://git.kernel.org/stable/c/94a3d72cd9b21116d7c6d5bdc57c11401fc28557
Patch
https://git.kernel.org/stable/c/f50487e3566358b2b982b7801945e858c78ad9ab
Patch