Linux Kernel batman-adv TP Meter Session Management Vulnerability During Mesh Teardown

Vulnerability

A vulnerability exists in the Linux kernel's batman-adv module, in how throughput (TP) meter sessions are managed during the teardown of mesh interfaces. When a mesh interface is removed, the teardown path does not first clear active TP meter sessions. This oversight allows a sending thread or a delayed TP meter packet to continue processing with a mesh instance that is already in the process of shutting down. The vulnerability affects several versions of the Linux kernel.
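The ordering problem described above, as a simplified user-space model added here for illustration (it is not kernel code and not the upstream patch). Every type and function name in it is hypothetical; it only contrasts tearing down a mesh with sessions still registered against clearing them first.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model; every name here is hypothetical, not kernel code. */
#define MAX_SESSIONS 4
enum mesh_state { MESH_ACTIVE, MESH_DEACTIVATING, MESH_INACTIVE };
struct tp_session { bool in_use; unsigned id; };
struct mesh {
    enum mesh_state state;
    struct tp_session tp[MAX_SESSIONS];
    int late_work; /* TP work that ran after teardown had begun */
};

/* A sender-thread tick or a delayed TP meter packet for session `id`. */
static bool tp_work(struct mesh *m, unsigned id) {
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (m->tp[i].in_use && m->tp[i].id == id) {
            if (m->state != MESH_ACTIVE)
                m->late_work++; /* the condition the advisory describes */
            return true;        /* session still registered: work proceeds */
        }
    return false;               /* no session left: the work item is dropped */
}

/* Teardown; stop_tp_first selects the ordering that clears sessions first. */
static void mesh_teardown(struct mesh *m, bool stop_tp_first) {
    m->state = MESH_DEACTIVATING;
    if (stop_tp_first)
        for (int i = 0; i < MAX_SESSIONS; i++)
            m->tp[i].in_use = false;     /* stop and forget every session */
    m->state = MESH_INACTIVE;            /* remaining per-mesh state released */
}

/* Returns how many TP work items ran against a mesh that was torn down. */
int simulate(bool stop_tp_first) {
    /* Constructed sample state: two active TP meter sessions. */
    struct mesh m = { .state = MESH_ACTIVE, .tp = { { true, 1 }, { true, 2 } } };
    mesh_teardown(&m, stop_tp_first);
    tp_work(&m, 1); /* sender thread still scheduled */
    tp_work(&m, 2); /* delayed TP meter packet arrives */
    return m.late_work;
}

int main(void) {
    printf("late TP work: sessions left=%d, sessions cleared first=%d\n",
           simulate(false), simulate(true));
    return 0;
}
```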

Impact

The vulnerability can cause improper handling of TP meter sessions, potentially leading to issues in network performance or reliability during mesh interface changes.

Reproduction

To reproduce this vulnerability, initiate TP meter sessions on a batman-adv mesh interface. Once the sessions are active, remove the mesh interface without first stopping the TP meter sessions. This can be done by sending a netlink request to remove the interface, which will trigger the batadv_mesh_free() function. Observe that the TP meter sessions remain active and can still process data, despite the mesh interface being removed.

Remediation

The vulnerability has been addressed in the Linux kernel. Users should upgrade to the latest version where this issue has been fixed.

Added: May 28, 2026, 11:23 AM
Updated: May 28, 2026, 11:23 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 5.0
exploitability: 3.4
remediation: 7.7
relevance: 9.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.