Race condition in Linux kernel - CVE-2026-46206
Published: May 29, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper state management in tp_meter when starting new sender or receiver sessions after mesh_state has left BATADV_MESH_ACTIVE. A local user can start a new tp_meter sender or receiver session during teardown to cause a denial of service.
How to mitigate CVE-2026-46206
Sources
- https://git.kernel.org/stable/c/3243543592425beec83d453793e9d27caa0d8e66
- https://git.kernel.org/stable/c/ca39545cf07c142b39d474a1439a046bf28def3d
- https://git.kernel.org/stable/c/e1e2194cc725ec1d41f9412496212f0fa0519c36
- https://git.kernel.org/stable/c/e4a3c4a4c8f6efd243c3e448c05b7bebcbf7b3b6
- https://git.kernel.org/stable/c/ff93f86ecbb50a4709c403fc279a396e308edde5