What is GHSA-w24x-3wrx-8q34?

GHSA-w24x-3wrx-8q34 is a security advisory published by GitHub Security Advisories with Critical severity. In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim...

Which CVE IDs does GHSA-w24x-3wrx-8q34 cover?

GHSA-w24x-3wrx-8q34 covers the following CVE IDs: CVE-2026-31657. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-w24x-3wrx-8q34?

GHSA-w24x-3wrx-8q34 has a CVSS v3 base score of 9.8, published by GitHub Security Advisories.

GHSA-w24x-3wrx-8q34CriticalCVSS 9.8

In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim...

Vendor

GitHub Security Advisories

Published

April 24, 2026

Last Modified

June 1, 2026

🔗 CVE IDs covered (1)

CVE-2026-31657 →

📋 Description

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: hold claim backbone gateways by reference

batadv_bla_add_claim() can replace claim->backbone_gw and drop the old gateway's last reference while readers still follow the pointer.

The netlink claim dump path dereferences claim->backbone_gw->orig and takes claim->backbone_gw->crc_lock without pinning the underlying backbone gateway. batadv_bla_check_claim() still has the same naked pointer access pattern.

Reuse batadv_bla_claim_get_backbone_gw() in both readers so they operate on a stable gateway reference until the read-side work is complete. This keeps the dump and claim-check paths aligned with the lifetime rules introduced for the other BLA claim readers.

🔗 CVE IDs covered (1)

📋 Description

🔗 References (10)