製品・ソフトウェアに関する情報

JVN脆弱性詳細

LinuxのLinux Kernelにおける不特定の脆弱性

Title	LinuxのLinux Kernelにおける不特定の脆弱性
Summary	Linuxカーネルにおいて、以下の脆弱性が修正されました。batman-advのblaモジュールで、put backbone reference on failed claim hash insertの問題がありました。batadv_bla_add_claim()が新しいクレームをハッシュに挿入するのに失敗した場合、クレームが意図されていたbackbone_gwへの参照をリークしていました。エラーパスでbatadv_backbone_gw_put()を呼び出すことで、参照を解放し、backbone_gwオブジェクトのリークを防止しました。
Possible impacts	・当該ソフトウェアが扱う情報について、外部への漏えいは発生しません。・当該ソフトウェアが扱う情報について、書き換えは発生しません。・当該ソフトウェアが完全に停止する可能性があります。
Solution	リリース情報、またはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。
Publication Date	May 28, 2026, midnight
Registration Date	June 11, 2026, 4:20 p.m.
Last Update	June 11, 2026, 4:20 p.m.

CVSS3.0 : 警告
Score	5.5
Vector	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected System

Linux

Linux Kernel 3.16.39 以上 3.17 未満

Linux Kernel 4.4.217 以上 4.5 未満

Linux Kernel 4.7

Linux Kernel 4.7.1 以上 5.10.258 未満

Linux Kernel 5.11 以上 5.15.209 未満

Linux Kernel 5.16 以上 6.1.175 未満

Linux Kernel 6.13 以上 6.18.32 未満

Linux Kernel 6.19 以上 7.0.9 未満

Linux Kernel 6.2 以上 6.6.140 未満

Linux Kernel 6.7 以上 6.12.90 未満

Linux Kernel 7.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2026-46231	https://www.cve.org/CVERecord?id=CVE-2026-46231
National Vulnerability Database (NVD)
2	CVE-2026-46231	https://nvd.nist.gov/vuln/detail/CVE-2026-46231

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/scap/cwe.html

その他

No	Name	URL
関連文書
1	batman-adv: bla: put backbone reference on failed claim hash insert - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/0baf4b659cdc7305cf685b5a5d60f9e3816ab5d0)	https://git.kernel.org/stable/c/0baf4b659cdc7305cf685b5a5d60f9e3816ab5d0
2	batman-adv: bla: put backbone reference on failed claim hash insert - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/2888c9a154123db0254ae4fb9bea570c7e1f2e06)	https://git.kernel.org/stable/c/2888c9a154123db0254ae4fb9bea570c7e1f2e06
3	batman-adv: bla: put backbone reference on failed claim hash insert - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/65419eb4259a26a3cd3f56fa0e3b3c113bf8c256)	https://git.kernel.org/stable/c/65419eb4259a26a3cd3f56fa0e3b3c113bf8c256
4	batman-adv: bla: put backbone reference on failed claim hash insert - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/6c8b68a7ed667a63aa603ba4d3a7088be143007e)	https://git.kernel.org/stable/c/6c8b68a7ed667a63aa603ba4d3a7088be143007e
5	batman-adv: bla: put backbone reference on failed claim hash insert - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/769f413d374ff2b6ff6d8d8c37b4c1178e6cdf14)	https://git.kernel.org/stable/c/769f413d374ff2b6ff6d8d8c37b4c1178e6cdf14
6	batman-adv: bla: put backbone reference on failed claim hash insert - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/7cccf4eb4f96d3c3af91a00b7a9caa652439542e)	https://git.kernel.org/stable/c/7cccf4eb4f96d3c3af91a00b7a9caa652439542e
7	batman-adv: bla: put backbone reference on failed claim hash insert - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/ba9d20ee9076dac32c371116bacbe72480eb356c)	https://git.kernel.org/stable/c/ba9d20ee9076dac32c371116bacbe72480eb356c
8	batman-adv: bla: put backbone reference on failed claim hash insert - kernel/git/stable/linux.git - Linux kernel stable tree (https://git.kernel.org/stable/c/fd0ca034c1e71ca7613cde9dd892836b2c2831bd)	https://git.kernel.org/stable/c/fd0ca034c1e71ca7613cde9dd892836b2c2831bd

Change Log

No	Changed Details	Date of change
1	[2026年06月11日] 掲載	June 11, 2026, 4:20 p.m.

NVD Vulnerability Information

CVE-2026-46231

Summary	In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: put backbone reference on failed claim hash insert When batadv_bla_add_claim() fails to insert a new claim into the hash, it leaked a reference to the backbone_gw for which the claim was intended. Call batadv_backbone_gw_put() on the error path to release the reference and avoid leaking the backbone_gw object.
Publication Date	May 28, 2026, 7:16 p.m.
Registration Date	May 29, 2026, 4:14 a.m.
Last Update	June 2, 2026, 2:17 a.m.

Related information, measures and tools

No	URL	refsource
1	https://git.kernel.org/stable/c/0baf4b659cdc7305cf685b5a5d60f9e3816ab5d0	416baaa9-dc9f-4396-8d5f-8c081fb06d67
2	https://git.kernel.org/stable/c/2888c9a154123db0254ae4fb9bea570c7e1f2e06	416baaa9-dc9f-4396-8d5f-8c081fb06d67
3	https://git.kernel.org/stable/c/65419eb4259a26a3cd3f56fa0e3b3c113bf8c256	416baaa9-dc9f-4396-8d5f-8c081fb06d67
4	https://git.kernel.org/stable/c/6c8b68a7ed667a63aa603ba4d3a7088be143007e	416baaa9-dc9f-4396-8d5f-8c081fb06d67
5	https://git.kernel.org/stable/c/769f413d374ff2b6ff6d8d8c37b4c1178e6cdf14	416baaa9-dc9f-4396-8d5f-8c081fb06d67
6	https://git.kernel.org/stable/c/7cccf4eb4f96d3c3af91a00b7a9caa652439542e	416baaa9-dc9f-4396-8d5f-8c081fb06d67
7	https://git.kernel.org/stable/c/ba9d20ee9076dac32c371116bacbe72480eb356c	416baaa9-dc9f-4396-8d5f-8c081fb06d67
8	https://git.kernel.org/stable/c/fd0ca034c1e71ca7613cde9dd892836b2c2831bd	416baaa9-dc9f-4396-8d5f-8c081fb06d67

Common Vulnerabilities List