CVE-2026-46208

Source
https://cve.org/CVERecord?id=CVE-2026-46208
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46208.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-46208
Downstream
Related
Published
2026-05-28T09:40:26.341Z
Modified
2026-07-15T01:48:58.877063228Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
batman-adv: stop tp_meter sessions during mesh teardown
Details

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: stop tp_meter sessions during mesh teardown

TP meter sessions remain linked on batpriv->tplist after the netlink request has already finished. When the mesh interface is removed, batadvmeshfree() currently tears down the mesh without first draining these sessions.

A running sender thread or a late incoming tpmeter packet can then keep processing against a mesh instance which is already shutting down. Synchronize tpmeter with the mesh lifetime by stopping all active sessions from batadvmeshfree() and waiting for sender threads to exit before teardown continues.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46208.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
33a3bb4a3345bb511f9c69c913da95d4693e2a4e
Fixed
5e7d0ac936354c36810e74ac3056b334ed1f4058
Fixed
268078acae72daa12b17b2b299701cb9924e469a
Fixed
58943b7ea356294749dae3e75b96c0ee292c00be
Fixed
79bc0eaeef2c5797317bf2da8e3159a74d62ec47
Fixed
26dfeee8db81354bfdade155f27f9e16510ad196
Fixed
03660dab86f93319178a24667f6998526dc4355d
Fixed
8634c1dbd73adb74d40533ebb7e914efb82e71fb
Fixed
3d3cf6a7314aca4df0a6dde28ce784a2a30d0166

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46208.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.8.0
Fixed
5.10.259
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.210
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.176
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.140
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.90
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.32
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-46208.json"