CVE-2026-46208
Reported by Linux · Published May 28, 2026
In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tp_meter sessions during mesh teardown TP meter sessions remain linked on bat_priv->tp_list after the netlink request has already finished. When the mesh interface is removed, batadv_mesh_free() currently tears down the mesh without first draining these sessions. A running sender thread or a late incoming tp_meter packet can then keep processing against a mesh instance which is already shutting down. Synchronize tp_meter with the mesh lifetime by stopping all active sessions from batadv_mesh_free() and waiting for sender threads to exit before teardown continues.
EPSS 0.01% · 2.5th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | 33a3bb4a3345bb511f9c69c913da95d4693e2a4e, 33a3bb4a3345bb511f9c69c913da95d4693e2a4e, 33a3bb4a3345bb511f9c69c913da95d4693e2a4e |
| Linux | Linux | 4.8, 0, 5.10.259 |
| linux | linux_kernel | 4.8, 4.8, 4.8 |
| Linux | Linux | 33a3bb4a3345bb511f9c69c913da95d4693e2a4e, 33a3bb4a3345bb511f9c69c913da95d4693e2a4e, 33a3bb4a3345bb511f9c69c913da95d4693e2a4e |
Timeline
- May 28, 2026 EPSS Score
- May 28, 2026 CVE Published
- May 29, 2026 EPSS Score
- May 30, 2026 EPSS Score
- May 31, 2026 EPSS Score
- Jun 1, 2026 EPSS Score
- Jun 1, 2026 Security Advisory
- Jun 4, 2026 Coalition ESS Score
- Jun 5, 2026 EPSS Score