Volerion logoVolerion
Volerion logoVolerion

Linux Kernel batman-adv Out-of-Bounds Read/Write Vulnerability in Network Coding Decoding

Vulnerability

A vulnerability allowing out-of-bounds read and write has been identified in the Linux kernel's batman-adv module, specifically within the network coding decoding function. This issue arises because the function improperly trusts the length of coded data and only checks against the total length of the packet. As a result, the decoding process can read and write data outside the intended boundaries, potentially leading to memory corruption.

Impact

Exploitation of this vulnerability causes out-of-bounds memory access, which can lead to memory corruption.

Reproduction

The vulnerability can be reproduced by sending coded packets that exploit the lack of proper length validation in the 'batadv_nc_skb_decode_packet' function. The decoding process will then read and write data outside the allocated buffer boundaries.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been patched.

Added: Sep 19, 2025, 5:13 PM
Updated: Sep 19, 2025, 5:13 PM

Vulnerability Rating

Custom Algorithm
spread
9.0
impact
5.6
exploitability
5.7
remediation
7.7
relevance
0.6
threat
4.8
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.