CVE-2026-46198

medium Red Hat
EPSS Score
0.0%
Exploitation probability in 30 days
Top 95% most likely to be exploited
Published: May 28, 2026 (43 days ago)
Last Modified: May 28, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in the Linux kernel's batman-adv component. An integer overflow in the `batadv_iv_ogm_send_to_if` function, specifically with the `buff_pos` variable, can lead to an out-of-bound read. This occurs because the size check uses an `int` type while `buff_pos` uses an `s16` type, causing a mismatch that could be exploited by a local attacker.

CWE

CWE-190

Affected Products

Red Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9

References