Linux Kernel batman-adv tp_meter Session Management Vulnerability

A vulnerability in the Linux kernel's batman-adv module has been addressed. This issue prevented the throughput meter (tp_meter) from initiating new sender or receiver sessions after the mesh state had transitioned away from active. The vulnerability was introduced in the tp_meter implementation and could lead to improper session management during critical network operations.

Impact

The vulnerability could cause disruptions in network performance by allowing tp_meter sessions to be improperly managed, potentially leading to uncoordinated data transmission or reception.

Reproduction

The vulnerability can be reproduced by allowing the mesh state to transition out of BATADV_MESH_ACTIVE, and then attempting to start new tp_meter sessions. The sessions should not be initiated, indicating that the vulnerability is present.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for downloading the patched version are available on the Linux Kernel Archives.