CVE-2026-31683
Published: 25 April 2026
Summary
CVE-2026-31683 is a high-severity vulnerability in the Linux kernel; its weakness type is unspecified. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 3.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-31683 is a vulnerability in the Linux kernel's batman-adv component, which handles mesh networking. The issue arises when the OGM (Originator Message) aggregation state is toggled at runtime. An existing forwarded packet may have been allocated with only packet_len bytes, while a later packet can still be selected for aggregation into it. Appending in this case can hit skb_put overflow conditions.
A local attacker with low privileges (PR:L) can exploit this vulnerability with low attack complexity (AC:L) and no user interaction (UI:N), as scored by CVSS v3.1 at 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Successful exploitation leads to high impacts on confidentiality, integrity, and availability, potentially resulting in kernel crashes, data corruption, or other disruptions due to the buffer overflow.
Mitigation patches are available in the Linux kernel stable repository via the following commits: 0b10a8b355c3f71012ce89289ec2c2f5e3bfd6c1, 0d4aef630be9d5f9c1227d07669c26c4383b5ad0, 0e35db29fc5a97a8553f7c2d3a2ba730e46b1ee8, 1ada20331f2df2a942d6b83ae1f04a304b642e2a, and 67176c96f325837b0bb3e9538ca2eba414f447d8. These patches reject aggregation when the target skb tailroom cannot accommodate the new packet, causing the caller to fall back to creating a new forward packet instead of appending.
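The tailroom check described above, as an added user-space model; this is not the kernel patch or batman-adv code. The struct, the model_* functions and MODEL_MAX_AGGR are hypothetical names, and the allocation rule (exactly packet_len bytes when aggregation is off) is an assumption taken from the description.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define MODEL_MAX_AGGR 512 /* constructed size for an aggregation buffer */

/* User-space stand-in for the sk_buff fields that matter here. */
struct model_skb { unsigned char *data; size_t len, cap; };

static size_t model_tailroom(const struct model_skb *s) { return s->cap - s->len; }

/* Assumption: with aggregation off the buffer holds exactly packet_len. */
static bool model_fwd_alloc(struct model_skb *skb, const void *pkt,
                            size_t packet_len, bool aggregation_on)
{
    size_t cap = (aggregation_on && packet_len < MODEL_MAX_AGGR)
                     ? MODEL_MAX_AGGR : packet_len;
    skb->data = malloc(cap);
    if (!skb->data)
        return false;
    memcpy(skb->data, pkt, packet_len);
    skb->len = packet_len;
    skb->cap = cap;
    return true;
}

/* Append only if it fits; false tells the caller to start a new packet. */
static bool model_try_aggregate(struct model_skb *skb, const void *pkt,
                                size_t packet_len)
{
    if (packet_len > model_tailroom(skb))
        return false; /* without this check the memcpy writes past cap */
    memcpy(skb->data + skb->len, pkt, packet_len);
    skb->len += packet_len;
    return true;
}

int main(void)
{
    unsigned char ogm[24] = {0}; /* constructed 24-byte OGM */
    struct model_skb fwd;
    if (!model_fwd_alloc(&fwd, ogm, sizeof(ogm), false)) /* aggregation off */
        return 1;
    bool appended = model_try_aggregate(&fwd, ogm, sizeof(ogm)); /* now on */
    free(fwd.data);
    return appended; /* 0: refused, caller would build a new forward packet */
}
```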
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-25650
Vulnerability details
In the Linux kernel, the following vulnerability has been resolved:
batman-adv: avoid OGM aggregation when skb tailroom is insufficient
When OGM aggregation state is toggled at runtime, an existing forwarded packet may have been allocated with only packet_len bytes, while a later packet can still be selected for aggregation. Appending in this case can hit skb_put overflow conditions. Reject aggregation when the target skb tailroom cannot accommodate the new packet. The caller then falls back to creating a new forward packet instead of appending.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
A local kernel buffer overflow (skb_put) in batman-adv allows a low-privileged attacker to trigger the overflow for privilege escalation or arbitrary kernel code execution (high C/I/A impact).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the batman-adv OGM aggregation buffer overflow by applying available kernel patches that enforce tailroom checks before appending packets.
Implements kernel memory protections such as stack canaries and address space layout randomization to prevent successful exploitation of the skb_put overflow vulnerability.
Restricts or prohibits use of non-essential kernel modules like batman-adv to eliminate exposure to this specific OGM aggregation flaw.