{"id":"CVE-2026-31683","summary":"batman-adv: avoid OGM aggregation when skb tailroom is insufficient","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: avoid OGM aggregation when skb tailroom is insufficient\n\nWhen OGM aggregation state is toggled at runtime, an existing forwarded\npacket may have been allocated with only packet_len bytes, while a later\npacket can still be selected for aggregation. Appending in this case can\nhit skb_put overflow conditions.\n\nReject aggregation when the target skb tailroom cannot accommodate the new\npacket. The caller then falls back to creating a new forward packet\ninstead of appending.","modified":"2026-04-26T04:22:23.148921Z","published":"2026-04-25T08:47:00.334Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31683.json","cna_assigner":"Linux"},"references":[{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"},{"type":"WEB","url":"https://git.kernel.org/stable/c/0b10a8b355c3f71012ce89289ec2c2f5e3bfd6c1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/0d4aef630be9d5f9c1227d07669c26c4383b5ad0"},{"type":"WEB","url":"https://git.kernel.org/stable/c/0e35db29fc5a97a8553f7c2d3a2ba730e46b1ee8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/1ada20331f2df2a942d6b83ae1f04a304b642e2a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/67176c96f325837b0bb3e9538ca2eba414f447d8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6755347c5f9bdd44dee80f692208b056fcd40a52"},{"type":"WEB","url":"https://git.kernel.org/stable/c/6e40ebb999c2c3d2fbb3cacb61f0384ee6e69075"},{"type":"WEB","url":"https://git.kernel.org/stable/c/eda89a1bae0602aec8314ced299bb243b9f9aeef"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31683.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31683"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"c6c8fea29769d998d94fcec9b9f14d4b52b349d3"},{"fixed":"67176c96f325837b0bb3e9538ca2eba414f447d8"},{"fixed":"0b10a8b355c3f71012ce89289ec2c2f5e3bfd6c1"},{"fixed":"6755347c5f9bdd44dee80f692208b056fcd40a52"},{"fixed":"1ada20331f2df2a942d6b83ae1f04a304b642e2a"},{"fixed":"6e40ebb999c2c3d2fbb3cacb61f0384ee6e69075"},{"fixed":"0e35db29fc5a97a8553f7c2d3a2ba730e46b1ee8"},{"fixed":"eda89a1bae0602aec8314ced299bb243b9f9aeef"},{"fixed":"0d4aef630be9d5f9c1227d07669c26c4383b5ad0"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31683.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.6.38"},{"fixed":"5.10.253"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.203"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.167"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.130"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.78"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.20"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.10"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31683.json"}}],"schema_version":"1.7.5"}