Cyber Resilience

CVE-2026-31683

High

Published: 25 April 2026

Modified: 06 May 2026
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (3.6th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-31683 is a high-severity vulnerability in the Linux kernel; its weakness type is unspecified. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 3.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-31683 is a vulnerability in the Linux kernel's batman-adv component, which handles mesh networking. The issue arises when the OGM (Originator Message) aggregation state is toggled at runtime. An existing forwarded packet may have been allocated with only the original packet_len bytes of tailroom, while a subsequent packet is selected for aggregation. Attempting to append in this scenario can trigger skb_put overflow conditions.

A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction (UI:N), as scored by CVSS v3.1 at 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Successful exploitation leads to high impacts on confidentiality, integrity, and availability, potentially resulting in kernel crashes, data corruption, or other disruptions due to the buffer overflow.

Mitigation patches are available in the Linux kernel stable repository via the following commits: 0b10a8b355c3f71012ce89289ec2c2f5e3bfd6c1, 0d4aef630be9d5f9c1227d07669c26c4383b5ad0, 0e35db29fc5a97a8553f7c2d3a2ba730e46b1ee8, 1ada20331f2df2a942d6b83ae1f04a304b642e2a, and 67176c96f325837b0bb3e9538ca2eba414f447d8. These patches reject aggregation when the target skb tailroom cannot accommodate the new packet, causing the caller to fall back to creating a new forward packet instead of appending.
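
The tailroom check described above, modeled in user space as an added example (not the kernel's code and not taken from the patches). `struct fwd_buf`, all function names, the 24-byte packet and the 512-byte aggregate size are assumptions chosen for illustration.

```c
/* User-space model of the tailroom check; NOT kernel code. struct fwd_buf
 * and every function name here are hypothetical, chosen for illustration. */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct fwd_buf { unsigned char *data; size_t len, cap; }; /* used, allocated */

/* Free bytes after the used region, analogous to skb tailroom. */
static size_t fwd_tailroom(const struct fwd_buf *b) { return b->cap - b->len; }

/* New forward buffer for one packet: sized to packet_len when aggregation
 * is off, to max_aggr when it is on (so later packets can be appended). */
static struct fwd_buf *fwd_new(const void *pkt, size_t packet_len,
                               bool aggr_on, size_t max_aggr)
{
    struct fwd_buf *b = malloc(sizeof(*b));
    if (!b) return NULL;
    b->cap = (aggr_on && max_aggr > packet_len) ? max_aggr : packet_len;
    b->data = malloc(b->cap);
    if (!b->data) { free(b); return NULL; }
    memcpy(b->data, pkt, packet_len);
    b->len = packet_len;
    return b;
}

/* The check the fix describes: refuse to append when the packet does not fit
 * in the tailroom, so the caller falls back to a new forward buffer. */
static bool fwd_try_aggregate(struct fwd_buf *b, const void *pkt, size_t n)
{
    if (n > fwd_tailroom(b)) return false;
    memcpy(b->data + b->len, pkt, n);
    b->len += n;
    return true;
}

static void fwd_free(struct fwd_buf *b) { if (b) { free(b->data); free(b); } }

int main(void)
{
    unsigned char ogm[24] = {0};               /* constructed sample packet */
    struct fwd_buf *old = fwd_new(ogm, sizeof(ogm), false, 512); /* aggr off */
    if (!old) return 1;
    /* Aggregation is now toggled on; old still has zero tailroom. */
    printf("append to old buffer: %s\n",
           fwd_try_aggregate(old, ogm, sizeof(ogm)) ? "ok" : "rejected, new buffer");
    fwd_free(old);
    return 0;
}
```

A buffer created while aggregation was off has no tailroom, so the append is refused and its length is unchanged; a buffer created with aggregation on accepts the same packet.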

Vulnerability details

In the Linux kernel, the following vulnerability has been resolved:

batman-adv: avoid OGM aggregation when skb tailroom is insufficient

When OGM aggregation state is toggled at runtime, an existing forwarded packet may have been allocated with only packet_len bytes, while a later packet can still be selected for aggregation. Appending in this case can hit skb_put overflow conditions.

Reject aggregation when the target skb tailroom cannot accommodate the new packet. The caller then falls back to creating a new forward packet instead of appending.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

A local kernel buffer overflow (skb_put) in batman-adv allows a low-privileged attacker to trigger an overflow for privilege escalation or arbitrary kernel code execution (high C/I/A impact).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-71152 · Same product: Linux Linux Kernel
CVE-2026-23111 · Same product: Linux Linux Kernel
CVE-2026-31530 · Same product: Linux Linux Kernel
CVE-2026-23387 · Same product: Linux Linux Kernel
CVE-2025-21856 · Same product: Linux Linux Kernel
CVE-2025-21727 · Same product: Linux Linux Kernel
CVE-2026-23275 · Same product: Linux Linux Kernel
CVE-2026-31401 · Same product: Linux Linux Kernel
CVE-2024-57980 · Same product: Linux Linux Kernel
CVE-2026-23437 · Same product: Linux Linux Kernel

Affected Assets

linux
linux kernel
7.0 · 2.6.38 — 5.10.253 · 5.11 — 5.15.203 · 5.16 — 6.1.167

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the batman-adv OGM aggregation buffer overflow by applying available kernel patches that enforce tailroom checks before appending packets.

prevent

Implements kernel memory protections such as stack canaries and address space layout randomization to prevent successful exploitation of the skb_put overflow vulnerability.

prevent

Restricts or prohibits use of non-essential kernel modules like batman-adv to eliminate exposure to this specific OGM aggregation flaw.

References